markt 2005/04/28 11:54:54
Modified: catalina/src/share/org/apache/catalina/authenticator
BasicAuthenticator.java
Log:
Fix bug 22617. When used with an EJB container and a realm that supports the concept
of an unauthenticated user (J2EE.3.4.3), BASIC authentication was always
authenticating users as the unauthenticated user without giving them a chance to
supply a username and password.
Also fixed some static access warnings highlighted by Eclipse.
Revision Changes Path
1.16 +16 -22
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java
Index: BasicAuthenticator.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- BasicAuthenticator.java 26 Aug 2004 21:27:39 -0000 1.15
+++ BasicAuthenticator.java 28 Apr 2005 18:54:54 -0000 1.16
@@ -46,12 +46,6 @@
/**
- * The Base64 helper object for this class.
- */
- protected static final Base64 base64Helper = new Base64();
-
-
- /**
* Descriptive information about this implementation.
*/
protected static final String info =
@@ -66,7 +60,7 @@
*/
public String getInfo() {
- return (this.info);
+ return (info);
}
@@ -125,15 +119,19 @@
HttpServletResponse hres =
(HttpServletResponse) response.getResponse();
String authorization = request.getAuthorization();
- String username = parseUsername(authorization);
- String password = parsePassword(authorization);
- principal = context.getRealm().authenticate(username, password);
- if (principal != null) {
- register(request, response, principal, Constants.BASIC_METHOD,
- username, password);
- return (true);
- }
+ // Only authenticate if there is an authorization header
+ if (authorization != null) {
+ String username = parseUsername(authorization);
+ String password = parsePassword(authorization);
+ principal = context.getRealm().authenticate(username, password);
+ if (principal != null) {
+ register(request, response, principal,
Constants.BASIC_METHOD,
+ username, password);
+ return (true);
+ }
+ }
+
// Send an "unauthorized" response and an appropriate challenge
String realmName = config.getRealmName();
if (realmName == null)
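Review bot: The new `if (authorization != null)` guard covers only a missing header. When the header is present but is not a well-formed Basic credential (another scheme, or no `:` after decoding), `parseUsername` and `parsePassword` return null and `context.getRealm().authenticate(username, password)` is still called with null values. If the realm maps null credentials to its unauthenticated user, as the commit description suggests, such a request would presumably be registered as that user instead of receiving the challenge. Consider calling the realm only when both values were parsed, e.g. `if (username != null && password != null) {` around the `authenticate`/`register` lines. The enclosing method begins before this hunk and continues after it.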
@@ -160,15 +158,13 @@
*/
protected String parseUsername(String authorization) {
- if (authorization == null)
- return (null);
if (!authorization.toLowerCase().startsWith("basic "))
return (null);
authorization = authorization.substring(6).trim();
// Decode and parse the authorization credentials
String unencoded =
- new String(base64Helper.decode(authorization.getBytes()));
+ new String(Base64.decode(authorization.getBytes()));
int colon = unencoded.indexOf(':');
if (colon < 0)
return (null);
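Review bot: Dropping the `if (authorization == null) return (null);` guard changes the contract of a `protected` method: a subclass or other caller that passes null now gets a NullPointerException at `authorization.toLowerCase()`, where it previously got null back. Only the call site in the authenticate hunk is visibly guarded, and the same removal is made in `parsePassword` in the next hunk. Keeping the two-line guard in both methods preserves the old behaviour; otherwise the Javadoc should state that the argument must be non-null. The method body continues beyond the hunk.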
@@ -187,15 +183,13 @@
*/
protected String parsePassword(String authorization) {
- if (authorization == null)
- return (null);
if (!authorization.startsWith("Basic "))
return (null);
authorization = authorization.substring(6).trim();
// Decode and parse the authorization credentials
String unencoded =
- new String(base64Helper.decode(authorization.getBytes()));
+ new String(Base64.decode(authorization.getBytes()));
int colon = unencoded.indexOf(':');
if (colon < 0)
return (null);
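Review bot: `parsePassword` still tests the scheme with a case-sensitive `startsWith("Basic ")`, while `parseUsername` in the previous hunk uses `toLowerCase().startsWith("basic ")`. A header sent as `basic …` therefore yields a username with a null password, and that pair is what the caller passes to the realm. The two checks should agree, and a locale-independent comparison avoids `toLowerCase()` depending on the default locale: `if (!authorization.regionMatches(true, 0, "Basic ", 0, 6))` in both methods. The method body continues past the end of the hunk.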