luehe 2003/10/20 19:58:42 Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java Log: Fixed indentation/removed tabs Revision Changes Path 1.12 +66 -47 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Index: AuthenticatorBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- AuthenticatorBase.java 2 Sep 2003 21:22:04 -0000 1.11 +++ AuthenticatorBase.java 21 Oct 2003 02:58:42 -0000 1.12 @@ -499,8 +499,8 @@ Realm realm = this.context.getRealm(); // Is this request URI subject to a security constraint? - SecurityConstraint [] constraints = realm. - findSecurityConstraints(hrequest, this.context); + SecurityConstraint [] constraints + = realm.findSecurityConstraints(hrequest, this.context); if ((constraints == null) /* && (!Constants.FORM_METHOD.equals(config.getAuthMethod())) */ ) { @@ -522,54 +522,73 @@ sresponse.setHeader("Cache-Control", "no-cache"); sresponse.setHeader("Expires", DATE_ONE); } - int i; - for(i=0; i < constraints.length; i++) { - if (log.isDebugEnabled()) - log.debug(" Subject to constraint " + constraints[i]); - // Enforce any user data constraint for this security constraint - if (log.isDebugEnabled()) - log.debug(" Calling hasUserDataPermission()"); - - if (!realm.hasUserDataPermission(hrequest, hresponse, constraints[i])) { - if (log.isDebugEnabled()) - log.debug(" Failed hasUserDataPermission() test"); - // ASSERT: Authenticator already set the appropriate - // HTTP status code, so we do not have to do anything special - return; - } - } - for(i=0; i < constraints.length; i++) { - // Authenticate based upon the specified login configuration - if (constraints[i].getAuthConstraint()) { - if (log.isDebugEnabled()) - log.debug(" Calling authenticate()"); - if (!authenticate(hrequest, hresponse, config)) { - if (log.isDebugEnabled()) - log.debug(" Failed authenticate() test"); - // ASSERT: Authenticator already set the appropriate - // HTTP status code, so we do not have to do anything special - return; + + int i; + for(i=0; i < constraints.length; i++) { + if (log.isDebugEnabled()) { + log.debug(" Subject to constraint " + constraints[i]); + } + // Enforce any user data constraint for this security constraint + if (log.isDebugEnabled()) { + log.debug(" Calling hasUserDataPermission()"); + } + if (!realm.hasUserDataPermission(hrequest, hresponse, + constraints[i])) { + if (log.isDebugEnabled()) { + log.debug(" Failed hasUserDataPermission() test"); + } + /* + * ASSERT: Authenticator already set the appropriate + * HTTP status code, so we do not have to do anything special + */ + return; } } - // Perform access control based on the specified role(s) - if (constraints[i].getAuthConstraint()) { - if (log.isDebugEnabled()) - log.debug(" Calling accessControl()"); - - if (!realm.hasResourcePermission(hrequest, hresponse, constraints[i], this.context)) { - if (log.isDebugEnabled()) - log.debug(" Failed accessControl() test"); - // ASSERT: AccessControl method has already set the appropriate - // HTTP status code, so we do not have to do anything special - return; - } - } + for(i=0; i < constraints.length; i++) { + // Authenticate based upon the specified login configuration + if (constraints[i].getAuthConstraint()) { + if (log.isDebugEnabled()) { + log.debug(" Calling authenticate()"); + } + if (!authenticate(hrequest, hresponse, config)) { + if (log.isDebugEnabled()) { + log.debug(" Failed authenticate() test"); + } + /* + * ASSERT: Authenticator already set the appropriate + * HTTP status code, so we do not have to do anything + * special + */ + return; + } + } + + // Perform access control based on the specified role(s) + if (constraints[i].getAuthConstraint()) { + if (log.isDebugEnabled()) { + log.debug(" Calling accessControl()"); + } + if (!realm.hasResourcePermission(hrequest, hresponse, + constraints[i], + this.context)) { + if (log.isDebugEnabled()) { + log.debug(" Failed accessControl() test"); + } + /* + * ASSERT: AccessControl method has already set the + * appropriate HTTP status code, so we do not have to do + * anything special + */ + return; + } + } } // Any and all specified constraints have been satisfied - if (log.isDebugEnabled()) + if (log.isDebugEnabled()) { log.debug(" Successfully passed all security constraints"); + } context.invokeNext(request, response); }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]