markt 2005/01/07 02:06:38 Modified: catalina/src/share/org/apache/catalina/authenticator FormAuthenticator.java catalina/src/share/org/apache/catalina/realm RealmBase.java webapps/docs changelog.xml realm-howto.xml webapps/docs/config valve.xml Log: Fix bug 31198. Support non-ASCII user names and passwords in FORM and DIGEST authentication. - Ported from TC4. Revision Changes Path 1.15 +27 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java Index: FormAuthenticator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- FormAuthenticator.java 27 Aug 2004 23:56:11 -0000 1.14 +++ FormAuthenticator.java 7 Jan 2005 10:06:38 -0000 1.15 @@ -65,6 +65,13 @@ protected static final String info = "org.apache.catalina.authenticator.FormAuthenticator/1.0"; + /** + * Character encoding to use to read the username and password parameters + * from the request. If not set, the encoding of the request body will be + * used. + */ + protected String characterEncoding = null; + // ------------------------------------------------------------- Properties @@ -79,6 +86,22 @@ } + /** + * Return the character encoding to use to read the username and password. + */ + public String getCharacterEncoding() { + return characterEncoding; + } + + + /** + * Set the character encoding to be used to read the username and password. + */ + public void setCharacterEncoding(String encoding) { + characterEncoding = encoding; + } + + // --------------------------------------------------------- Public Methods 
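Review bot: The new `setCharacterEncoding(String encoding)` setter in the second FormAuthenticator hunk stores whatever string the configuration supplies, so a mistyped charset name is not detected until a login request reaches `request.setCharacterEncoding(...)` in the third hunk. There it would presumably surface as an exception on every login attempt rather than as a configuration error. Rejecting the value when it is set keeps the failure visible at startup: `if (encoding != null && !java.nio.charset.Charset.isSupported(encoding)) throw new IllegalArgumentException(encoding);`. The setter's Javadoc could also state that `null` means the request's own encoding is used.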
@@ -223,6 +246,9 @@ // Yes -- Validate the specified credentials and redirect // to the error page if they are not correct Realm realm = context.getRealm(); + if (characterEncoding != null) { + request.setCharacterEncoding(characterEncoding); + } String username = request.getParameter(Constants.FORM_USERNAME); String password = request.getParameter(Constants.FORM_PASSWORD); if (log.isDebugEnabled()) 1.45 +21 -7 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java Index: RealmBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- RealmBase.java 9 Dec 2004 13:56:35 -0000 1.44 +++ RealmBase.java 7 Jan 2005 10:06:38 -0000 1.45 @@ -1135,8 +1135,10 @@ * @param credentials Password or other credentials to use in * authenticating this username * @param algorithm Algorithm used to do the digest + * @param encoding Character encoding of the string to digest */ - public final static String Digest(String credentials, String algorithm) { + public final static String Digest(String credentials, String algorithm, + String encoding) { try { // Obtain a new message digest with "digest" encryption @@ -1145,7 +1147,11 @@ // encode the credentials // Should use the digestEncoding, but that's not a static field - md.update(credentials.getBytes()); + if (encoding == null) { + md.update(credentials.getBytes()); + } else { + md.update(credentials.getBytes(encoding)); + } // Digest the credentials and return as hexadecimal return (HexUtils.convert(md.digest())); 
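Review bot: The added `request.setCharacterEncoding(characterEncoding)` only takes effect if the request parameters have not been parsed yet; under the servlet contract a call made after parameters were read is ignored. If anything earlier in the pipeline has already called `getParameter`, the username and password are still decoded with the previous encoding and non-ASCII logins fail with no diagnostic. A comment above the call would record that ordering requirement, for example `// Must run before the first getParameter() on this request; ignored otherwise`. The enclosing method starts and ends outside this hunk, so whether an earlier parameter read can happen is not visible here.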
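Review bot: Replacing the signature of the public static `Digest(String credentials, String algorithm)` with a three-argument form removes the two-argument method, so any caller outside this file that uses it will stop compiling. Keeping the old form as a delegating overload preserves compatibility: `public final static String Digest(String credentials, String algorithm) { return Digest(credentials, algorithm, null); }`. The new `@param encoding` text should also say that `null` selects the platform default charset, since that is what the body does.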
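Review bot: With `encoding == null` the digest is still computed over `credentials.getBytes()`, which uses the JVM's platform default charset. For non-ASCII input the same password can therefore yield different digests on hosts with different defaults, and a stored digest generated on one machine may never match at login on another. A comment on that branch would make the dependency explicit, for example `// Platform default charset: digest of non-ASCII input is host-dependent`. `getBytes(encoding)` can throw `UnsupportedEncodingException`, and the catch for this `try` is outside the hunk, so confirm that an unknown encoding name is reported to the caller rather than swallowed.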
@@ -1164,14 +1170,22 @@ */ public static void main(String args[]) { - if(args.length > 2 && args[0].equalsIgnoreCase("-a")) { - for(int i=2; i < args.length ; i++){ + String encoding = null; + int firstCredentialArg = 2; + + if (args.length > 4 && args[2].equalsIgnoreCase("-e")) { + encoding = args[3]; + firstCredentialArg = 4; + } + + if(args.length > firstCredentialArg && args[0].equalsIgnoreCase("-a")) { + for(int i=firstCredentialArg; i < args.length ; i++){ System.out.print(args[i]+":"); - System.out.println(Digest(args[i], args[1])); + System.out.println(Digest(args[i], args[1], encoding)); } } else { System.out.println - ("Usage: RealmBase -a <algorithm> <credentials>"); + ("Usage: RealmBase -a <algorithm> [-e <encoding>] <credentials>"); } } 1.213 +4 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.212 retrieving revision 1.213 diff -u -r1.212 -r1.213 --- changelog.xml 4 Jan 2005 17:20:24 -0000 1.212 +++ changelog.xml 7 Jan 2005 10:06:38 -0000 1.213 @@ -58,6 +58,10 @@ Feature addition to add Redirector and failOnError support for all Catalina Ant tasks, submitted by Gabriele Garuglieri (remm) </add> + <fix> + <bug>31198</bug>: Fix FORM and DIGEST authentication for non-ASCII + usernames and passwords. (markt) + </fix> </changelog> </subsection> 1.24 +9 -0 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml Index: realm-howto.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- realm-howto.xml 23 Nov 2004 23:14:09 -0000 1.23 +++ realm-howto.xml 7 Jan 2005 10:06:38 -0000 1.24 
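Review bot: In `main`, the `-e` branch is taken only when `args.length > 4`, so an invocation such as `-a MD5 -e UTF-8` with no credentials skips it, leaves `firstCredentialArg` at 2, and prints digests of the literal strings `-e` and `UTF-8` instead of the usage message. Relaxing the guard to `if (args.length > 3 && args[2].equalsIgnoreCase("-e")) {` lets the later `args.length > firstCredentialArg` test fail and fall through to the usage text. The encoding name is also passed to `Digest` unchecked, so a typo in `-e` is only caught, if at all, inside `Digest`.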
@@ -221,6 +221,15 @@ <code>$CATALINA_HOME/server/lib/catalina.jar</code> file will need to be on your class path to make the <code>RealmBase</code> class available.</p> +<p>Non-ASCII usernames and/or passwords are supported using +<source>java org.apache.catalina.realm.RealmBase \ + -a {algorithm} -e {encoding} {input} +</source> +but care is required to ensure that the non-ASCII input is +correctly passed to the digester. +The digester returns <code>{input}:{digest}</code>. If the input appears +corrupted in the return, the digest will be invalid.</p> + </subsection> 1.12 +39 -0 jakarta-tomcat-catalina/webapps/docs/config/valve.xml Index: valve.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/valve.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- valve.xml 25 Oct 2004 15:29:41 -0000 1.11 +++ valve.xml 7 Jan 2005 10:06:38 -0000 1.12 
@@ -389,6 +389,45 @@ </section> +<section name="Form Authenticator Valve"> + + <subsection name="Introduction"> + + <p>The <strong>Form Authenticator Valve</strong> is automatically added to + any <a href="context.html">Context</a> that is configured to use FORM + authentication.</p> + + <p>If any non-default settings are required, the valve may be configured + within <a href="context.html">Context</a> element with the required + values.</p> + + </subsection> + + <subsection name="Attributes"> + + <p>The <strong>Form Authenticator Valve</strong> supports the following + configuration attributes:</p> + + <attributes> + + <attribute name="className" required="true"> + <p>Java class name of the implementation to use. This MUST be set to + <strong>org.apache.catalina.authenticator.FormAuthenticator</strong>.</p> + </attribute> + + <attribute name="characterEncoding" required="false"> + <p>Character encoding to use to read the username and password parameters + from the request. If not set, the encoding of the request body will be + used.</p> + </attribute> + + </attributes> + + </subsection> + +</section> + + </body>