craigmcc 00/12/15 17:42:49
Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java SSLAuthenticator.java
Log: Refactor common code out of the authenticators and into the base class. As a side effect of this change, Catalina now (correctly) reports the cached userPrincipal and authType information for a previously authenticated user, even if the current request is not protected by a security constraint.
Submitted by: Vivek Nagar <[EMAIL PROTECTED]>
Revision Changes Path
1.6 +60 -11 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- AuthenticatorBase.java 2000/10/29 00:35:04 1.5
+++ AuthenticatorBase.java 2000/12/16 01:42:46 1.6
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.5 2000/10/29 00:35:04 craigmcc Exp $
- * $Revision: 1.5 $
- * $Date: 2000/10/29 00:35:04 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.6 2000/12/16 01:42:46 craigmcc Exp $
+ * $Revision: 1.6 $
+ * $Date: 2000/12/16 01:42:46 $
 *
 * ====================================================================
 *
@@ -116,7 +116,7 @@
 * requests. Requests of any other type will simply be passed through.
 *
 * @author Craig R. McClanahan
- * @version $Revision: 1.5 $ $Date: 2000/10/29 00:35:04 $
+ * @version $Revision: 1.6 $ $Date: 2000/12/16 01:42:46 $
 */
@@ -419,6 +419,27 @@
 ((HttpServletRequest) request.getRequest()).getRequestURI());
 LoginConfig config = context.getLoginConfig();
+ // Have we got a cached authenticated Principal to record?
+ if (cache) {
+ Principal principal =
+ ((HttpServletRequest) request.getRequest()).getUserPrincipal();
+ if (principal == null) {
+ Session session = getSession(hrequest);
+ if (session != null) {
+ principal = session.getPrincipal();
+ if (principal != null) {
+ if (debug >= 1)
+ log("We have cached auth type " +
+ session.getAuthType() +
+ " for principal " +
+ session.getPrincipal());
+ hrequest.setAuthType(session.getAuthType());
+ hrequest.setUserPrincipal(principal);
+ }
+ }
+ }
+ }
+
 // Special handling for form-based logins to deal with the case
 // where the login form (and therefore the "j_security_check" URI
 // to which it submits) might be outside the secured area
@@ -450,6 +471,9 @@
 if (!checkUserData(hrequest, hresponse, constraint)) {
 if (debug >= 1)
 log(" Failed checkUserData() test");
+ ((HttpServletResponse) hresponse.getResponse()).sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ ((HttpServletRequest) hrequest.getRequest()).getRequestURI());
 return;
 }
@@ -457,6 +481,8 @@
 if (!authenticate(hrequest, hresponse, config)) {
 if (debug >= 1)
 log(" Failed authenticate() test");
+ // ASSERT: Authenticator already set the appropriate
+ // HTTP status code, so we do not have to do anything special
 return;
 }
@@ -464,6 +490,8 @@
 if (!accessControl(hrequest, hresponse, constraint)) {
 if (debug >= 1)
 log(" Failed accessControl() test");
+ // ASSERT: Access control method has already set the appropriate
+ // HTTP status code, so we do not have to do anything special
 return;
 }
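Review bot: The session-cached principal is now applied in invoke() for every request before any authenticator runs, but the `// FIXME - what if the user switches certificates in the SSLSession?` note that the SSLAuthenticator hunk (-140,20) removes is not carried over, so a principal established by a client certificate is honored here without being compared against the certificate presented on the current request. Keep that FIXME next to `Session session = getSession(hrequest);` so the gap stays visible to whoever picks it up. Also, `hrequest.setAuthType(session.getAuthType())` records whatever the session holds; if a session principal can be set by a path that does not also call setAuthType (not visible here), a null auth type would be stored on the request, which is worth either a guard or a comment stating that setPrincipal and setAuthType are always paired. invoke() begins and ends outside this hunk.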
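Review bot: The message handed to sendError() on the checkUserData() failure path (hunk -450,6) is the raw request URI, a client-controlled string, whereas the accessControl() hunk in the same revision uses the fixed localized text `sm.getString("authenticator.forbidden")`. Unless the error-report path escapes the message before rendering it into the response body, reflecting the URI is the riskier choice; using `sm.getString("authenticator.forbidden")` here as well keeps the two 403 paths consistent and takes the client string out of the page. The preceding debug log already records the failure for diagnostics, so nothing is lost.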
@@ -538,9 +566,12 @@
 if (roles == null)
 roles = new String[0];
 if (roles.length == 0) {
- if (constraint.getAuthConstraint())
+ if (constraint.getAuthConstraint()) {
+ ((HttpServletResponse) response.getResponse()).sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ sm.getString("authenticator.forbidden"));
 return (false); // No listed roles means no access at all
- else
+ } else
 return (true); // Authenticated user is sufficient
 }
 for (int i = 0; i < roles.length; i++) {
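Review bot: The ASSERT added to invoke() (`// ASSERT: Access control method has already set the appropriate HTTP status code`) is only satisfied by this hunk for the empty-roles branch; the case where the caller holds none of the listed roles falls out of the `for` loop below the hunk, and if that `return (false)` was not also given a sendError() call, invoke() returns without setting a status and the request ends with whatever default the response carries rather than a 403. Please confirm the post-loop return path, or move the sendError() into invoke() next to the ASSERT so it is done once. Since the if branch is now braced, brace the else branch too (`} else {` ... `}`). accessControl()'s body continues outside the hunk.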
@@ -818,21 +849,39 @@
 /**
- * Register an authenticated Principal with our SingleSignOn valve,
- * if there is one, and set the appropriate Cookie to be returned.
+ * Register an authenticated Principal and authentication type in our
+ * request, in the current session (if there is one), and with our
+ * SingleSignOn valve, if there is one. Set the appropriate cookie
+ * to be returned.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are generating
 * @param principal The authenticated Principal to be registered
 * @param authType The authentication type to be registered
 */
- protected void register(Request request, Response response,
+ protected void register(HttpRequest request, HttpResponse response,
 Principal principal, String authType) {
- if (sso == null)
- return;
+ if (debug >= 1)
+ log("Authenticated '" + principal.getName() + "' with type '" +
+ authType + "'");
+
+ // Cache the authentication information in our request
+ request.setAuthType(authType);
+ request.setUserPrincipal(principal);
+
+ // Cache the authentication information in our session, if any
+ if (cache) {
+ Session session = getSession((HttpRequest) request);
+ if (session != null) {
+ session.setAuthType(authType);
+ session.setPrincipal(principal);
+ }
+ }
 // Construct a cookie to be returned to the client
+ if (sso == null)
+ return;
 HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
 HttpServletResponse hres =
1.5 +6 -28 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java
Index: BasicAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- BasicAuthenticator.java 2000/10/18 18:15:50 1.4
+++ BasicAuthenticator.java 2000/12/16 01:42:46 1.5
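Review bot: register() stores the principal into whatever existing session getSession() returns, so a session created before login keeps its identifier after the privilege level changes, and under the new invoke() code that session is then the sole credential on later requests. If getSession() does not already issue a fresh id on authentication (its body is not in the hunk), consider doing so before `session.setPrincipal(principal)`, or at least document the assumption in the "Cache the authentication information in our session" comment. The cast in `getSession((HttpRequest) request)` is redundant now that the parameter is declared as HttpRequest. The method continues past the end of the hunk.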
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v 1.4 2000/10/18 18:15:50 craigmcc Exp $
- * $Revision: 1.4 $
- * $Date: 2000/10/18 18:15:50 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v 1.5 2000/12/16 01:42:46 craigmcc Exp $
+ * $Revision: 1.5 $
+ * $Date: 2000/12/16 01:42:46 $
 *
 * ====================================================================
 *
@@ -84,7 +84,7 @@
 * and Digest Access Authentication."
 *
 * @author Craig R. McClanahan
- * @version $Revision: 1.4 $ $Date: 2000/10/18 18:15:50 $
+ * @version $Revision: 1.5 $ $Date: 2000/12/16 01:42:46 $
 */
 public final class BasicAuthenticator
@@ -145,27 +145,11 @@
 Principal principal =
 ((HttpServletRequest) request.getRequest()).getUserPrincipal();
 if (principal != null) {
- // if (debug >= 1)
- // log("Already authenticated '" + principal.getName() + "'");
+ if (debug >= 1)
+ log("Already authenticated '" + principal.getName() + "'");
 return (true);
 }
- // Have we got a cached authenticated Principal?
- Session session = null;
- if (cache)
- session = getSession(request);
- if (session != null) {
- principal = session.getPrincipal();
- if (principal != null) {
- // if (debug >= 1)
- // log("Cached authentication for '" + principal.getName()
- // + "'");
- request.setAuthType(session.getAuthType());
- request.setUserPrincipal(principal);
- return (true);
- }
- }
-
 // Validate any credentials already included with this request
 HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
@@ -175,12 +159,6 @@
 if (authorization != null) {
 principal = findPrincipal(authorization, context.getRealm());
 if (principal != null) {
- // if (debug >= 1)
- // log("Authenticated '" + principal.getName() + "'");
- request.setAuthType(Constants.BASIC_METHOD);
- request.setUserPrincipal(principal);
- if (cache && (session != null))
- session.setPrincipal(principal);
 register(request, response, principal, Constants.BASIC_METHOD);
 return (true);
 }
1.4 +4 -21 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
Index: DigestAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- DigestAuthenticator.java 2000/10/18 18:15:51 1.3
+++ DigestAuthenticator.java 2000/12/16 01:42:47 1.4
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v 1.3 2000/10/18 18:15:51 craigmcc Exp $
- * $Revision: 1.3 $
- * $Date: 2000/10/18 18:15:51 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v 1.4 2000/12/16 01:42:47 craigmcc Exp $
+ * $Revision: 1.4 $
+ * $Date: 2000/12/16 01:42:47 $
 *
 * ====================================================================
 *
@@ -88,7 +88,7 @@
 *
 * @author Craig R. McClanahan
 * @author Remy Maucherat
- * @version $Revision: 1.3 $ $Date: 2000/10/18 18:15:51 $
+ * @version $Revision: 1.4 $ $Date: 2000/12/16 01:42:47 $
 */
 public final class DigestAuthenticator
@@ -221,19 +221,6 @@
 if (principal != null)
 return (true);
- // Have we got a cached authenticated Principal?
- Session session = null;
- if (cache)
- session = getSession(request);
- if (session != null) {
- principal = session.getPrincipal();
- if (principal != null) {
- request.setAuthType(session.getAuthType());
- request.setUserPrincipal(principal);
- return (true);
- }
- }
-
 // Validate any credentials already included with this request
 HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
@@ -243,10 +230,6 @@
 if (authorization != null) {
 principal = findPrincipal(hreq, authorization, context.getRealm());
 if (principal != null) {
- request.setAuthType(Constants.DIGEST_METHOD);
- request.setUserPrincipal(principal);
- if (cache && (session != null))
- session.setPrincipal(principal);
 register(request, response, principal, Constants.DIGEST_METHOD);
 return (true);
1.5 +6 -21 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- FormAuthenticator.java 2000/10/18 18:15:51 1.4
+++ FormAuthenticator.java 2000/12/16 01:42:47 1.5
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v 1.4 2000/10/18 18:15:51 craigmcc Exp $
- * $Revision: 1.4 $
- * $Date: 2000/10/18 18:15:51 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v 1.5 2000/12/16 01:42:47 craigmcc Exp $
+ * $Revision: 1.5 $
+ * $Date: 2000/12/16 01:42:47 $
 *
 * ====================================================================
 *
@@ -88,7 +88,7 @@
 * Authentication, as described in the Servlet API Specification, Version 2.2.
 *
 * @author Craig R. McClanahan
- * @version $Revision: 1.4 $ $Date: 2000/10/18 18:15:51 $
+ * @version $Revision: 1.5 $ $Date: 2000/12/16 01:42:47 $
 */
 public final class FormAuthenticator
@@ -145,19 +145,6 @@
 if (principal != null)
 return (true);
- // Have we got a cached authenticated Principal?
- Session session = null;
- if (cache)
- session = getSession(request);
- if (session != null) {
- principal = session.getPrincipal();
- if (principal != null) {
- request.setAuthType(session.getAuthType());
- request.setUserPrincipal(principal);
- return (true);
- }
- }
-
 // Acquire references to objects we will need to evaluate
 HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
@@ -166,6 +153,7 @@
 String contextPath = hreq.getContextPath();
 String requestURI = hreq.getRequestURI();
 response.setContext(request.getContext());
+ Session session = null;
 // Is this a request for the login page itself? Test here to avoid
 // displaying it twice (from the user's perspective) -- once because
@@ -200,10 +188,7 @@
 // Restore this request and redirect to the original request URI
- request.setAuthType(Constants.FORM_METHOD);
- request.setUserPrincipal(principal);
- if (cache && (session != null))
- session.setPrincipal(principal);
+ session = getSession(request, true);
 register(request, response, principal, Constants.FORM_METHOD);
 if (restoreRequest(request, session))
 return (true); // Perform the original request
1.5 +4 -24 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
Index: SSLAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SSLAuthenticator.java 2000/10/18 18:15:51 1.4
+++ SSLAuthenticator.java 2000/12/16 01:42:47 1.5
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v 1.4 2000/10/18 18:15:51 craigmcc Exp $
- * $Revision: 1.4 $
- * $Date: 2000/10/18 18:15:51 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v 1.5 2000/12/16 01:42:47 craigmcc Exp $
+ * $Revision: 1.5 $
+ * $Date: 2000/12/16 01:42:47 $
 *
 * ====================================================================
 *
@@ -86,7 +86,7 @@
 * that utilizes SSL certificates to identify client users.
 *
 * @author Craig R. McClanahan
- * @version $Revision: 1.4 $ $Date: 2000/10/18 18:15:51 $
+ * @version $Revision: 1.5 $ $Date: 2000/12/16 01:42:47 $
 */
 public final class SSLAuthenticator
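Review bot: `Session session = null;` is declared near the top of authenticate() (the -166,6 hunk) but the only assignment visible is `session = getSession(request, true);` here, roughly thirty lines later; unless the login-page path in between also reads it, declare it at the point of use, `Session session = getSession(request, true);`, and drop the null initializer. The `true` flag is also a behaviour change from the removed code, which only looked up an existing session and only when `cache` was set; a one-line comment such as `// A session is required here to carry the saved request` (presumably what restoreRequest() reads) would make the creation intentional rather than incidental. The enclosing method begins outside the hunk.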
@@ -140,20 +140,6 @@
 if (principal != null)
 return (true);
- // Have we got a cached authenticated Principal?
- // FIXME - what if the user switches certificates in the SSLSession?
- Session session = null;
- if (cache)
- session = getSession(request);
- if (session != null) {
- principal = session.getPrincipal();
- if (principal != null) {
- request.setAuthType(session.getAuthType());
- request.setUserPrincipal(principal);
- return (true);
- }
- }
-
 // Retrieve the certificate chain for this client
 if (debug >= 1)
 log(" Looking up certificates");
@@ -187,12 +173,6 @@
 }
 // Cache the principal (if requested) and record this authentication
- if (debug >= 1)
- log(" Successfully identified '" + principal.getName() + "'");
- request.setAuthType(Constants.CERT_METHOD);
- request.setUserPrincipal(principal);
- if (cache && (session != null))
- session.setPrincipal(principal);
 register(request, response, principal, Constants.CERT_METHOD);
 return (true);