cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator FormAuthenticator.java

Fri, 27 Aug 2004 16:56:18 -0700 

remm        2004/08/27 16:56:11

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        FormAuthenticator.java
  Log:
  - Set the notes even when caching. This is harmless from a performance standpoint, 
but since the principal might not be serializable
    it would cause issues with SSO and clustering.
  - Yoav, do you agree on porting this to 5.0.x ?
  
  Revision  Changes    Path
  1.14      +10 -6     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- FormAuthenticator.java    7 Jul 2004 16:39:46 -0000       1.13
  +++ FormAuthenticator.java    27 Aug 2004 23:56:11 -0000      1.14
  @@ -171,6 +171,12 @@
               register(request, response, principal, Constants.FORM_METHOD,
                        (String) session.getNote(Constants.SESS_USERNAME_NOTE),
                        (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
  +            // If we're caching principals we no longer need the username
  +            // and password in the session, so remove them
  +            if (cache) {
  +                session.removeNote(Constants.SESS_USERNAME_NOTE);
  +                session.removeNote(Constants.SESS_PASSWORD_NOTE);
  +            }
               if (restoreRequest(request, session)) {
                   if (log.isDebugEnabled())
                       log.debug("Proceed to restored request");
  @@ -250,11 +256,9 @@
           // Save the authenticated Principal in our session
           session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
   
  -        // If we are not caching, save the username and password as well
  -        if (!cache) {
  -            session.setNote(Constants.SESS_USERNAME_NOTE, username);
  -            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
  -        }
  +        // Save the username and password as well
  +        session.setNote(Constants.SESS_USERNAME_NOTE, username);
  +        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
   
           // Redirect the user to the original request URI (which will cause
           // the original request to be restored)
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to