remm 2004/09/10 00:28:58 Modified: catalina/src/share/org/apache/catalina/authenticator Tag: TOMCAT_5_0 FormAuthenticator.java Log: - Port patch. - Set the notes even when caching. This is harmless from a performance standpoint, but since the principal might not be serializable it would cause issues with SSO and clustering. - Submitted by Brian Stransberry. Revision Changes Path No revision No revision 1.9.2.1 +9 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- FormAuthenticator.java 31 Mar 2004 08:34:53 -0000 1.9
+++ FormAuthenticator.java 10 Sep 2004 07:28:57 -0000 1.9.2.1
@@ -176,6 +176,12 @@
 register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
+ // If we're caching principals we no longer need the username
+ // and password in the session, so remove them
+ if (cache) {
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
 if (restoreRequest(request, session)) { if (log.isDebugEnabled()) log.debug("Proceed to restored request");
@@ -256,10 +262,8 @@
 session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); // If we are not caching, save the username and password as well
- if (!cache) {
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- }
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
 // Redirect the user to the original request URI (which will cause // the original request to be restored)
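Review bot: The added `if (cache)` block is the only visible place where the plaintext password note is cleared, and it runs only when the redirected request comes back through this branch. Since the second hunk now stores `SESS_PASSWORD_NOTE` for every form login, a client that never follows the redirect would leave the password in the session for as long as the session lives, even with caching on. I would record that in the comment, for example `// Credentials stay in the session until the restored request reaches this point; an abandoned redirect keeps them until the session ends`, and check whether logout or session expiry clears both notes. The enclosing method starts and ends outside the hunk, so a cleanup path may exist that is not visible here.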
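Review bot: The retained context comment `// If we are not caching, save the username and password as well` no longer matches the code under it, which now sets both notes unconditionally. Suggest replacing it with `// Always save the username and password; when caching they are removed again once the principal has been registered on the restored request`. Holding the password in the session for cached logins is a deliberate trade-off according to the log message (SSO and clustering), and the comment is where a maintainer should be able to learn that rather than read it as an oversight. The enclosing method continues outside the hunk.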