keith 2003/03/12 06:48:13 Modified: . RELEASE-NOTES-4.1.txt catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java Log: Redirect to add trailing slash prior to challenging for auth. PR: 14616 Revision Changes Path
1.64 +5 -1 jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt
Index: RELEASE-NOTES-4.1.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- RELEASE-NOTES-4.1.txt 12 Mar 2003 01:23:35 -0000 1.63
+++ RELEASE-NOTES-4.1.txt 12 Mar 2003 14:48:12 -0000 1.64
@@ -723,6 +723,10 @@
 JDBCStore Fix bug where first session in result set was skipped.
+[4.1.23] #14616
+ AuthenticatorBase
+ Redirect for trailing slash prior to auth challenge for root contexts
+
 ---------------- Coyote Bug Fixes: ----------------
1.36 +15 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- AuthenticatorBase.java 16 Nov 2002 04:49:22 -0000 1.35
+++ AuthenticatorBase.java 12 Mar 2003 14:48:13 -0000 1.36
@@ -443,6 +443,17 @@
 }
 HttpRequest hrequest = (HttpRequest) request;
 HttpResponse hresponse = (HttpResponse) response;
+
+ // Do not authenticate prior to redirects for trailing slashes,
+ // at least for the root of the context
+ String requestURI = hrequest.getDecodedRequestURI();
+ String contextPath = this.context.getPath();
+ if (requestURI.charAt(requestURI.length() - 1) != '/' &&
+ requestURI.equals(contextPath)) {
+ context.invokeNext(request, response);
+ return;
+ }
+
 if (debug >= 1) log("Security checking request " + ((HttpServletRequest) request.getRequest()).getMethod() + " " +
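Review bot: The added early return in AuthenticatorBase.java calls `context.invokeNext(request, response)` before any security constraint is evaluated, so for a URI equal to the context path the protection rests on whatever runs next answering with only the trailing-slash redirect; the hunk neither states nor checks that assumption, and a comment such as `// Safe only while the next component redirects contextPath to contextPath + "/" without serving content` would record it. The branch also sits above the `debug >= 1` log call, so a skipped request leaves no trace; `if (debug >= 1) log("Skipping auth check for context-path redirect: " + contextPath);` before the call would make the skip auditable. Separately, `requestURI.charAt(requestURI.length() - 1)` throws on an empty string, which may be reachable if the decoded URI can be empty; `requestURI.equals(contextPath) && !requestURI.endsWith("/")` expresses the same test without indexing. The enclosing method starts and ends outside the hunk.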
@@ -473,8 +484,6 @@
 // Special handling for form-based logins to deal with the case
 // where the login form (and therefore the "j_security_check" URI
 // to which it submits) might be outside the secured area
- String contextPath = this.context.getPath();
- String requestURI = hrequest.getDecodedRequestURI();
 if (requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION)) {
 if (!authenticate(hrequest, hresponse, config)) {