cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml

Thu, 28 Apr 2005 11:56:06 -0700 

markt       2005/04/28 11:55:57

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        BasicAuthenticator.java
               webapps/docs changelog.xml
  Log:
  Fix bug 22617. When used with an EJB container and a realm that supports the 
concept
   of an unauthenticated user (J2EE.3.4.3) BASIC authentication was always
   authenticating users as the unauthenticated user without giving them a 
chance to
   supply a username and password.
   - Ported from TC4.
  
  Revision  Changes    Path
  1.12      +8 -7      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java
  
  Index: BasicAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- BasicAuthenticator.java   18 Jan 2005 22:11:57 -0000      1.11
  +++ BasicAuthenticator.java   28 Apr 2005 18:55:57 -0000      1.12
  @@ -176,14 +176,15 @@
                   
                   authorizationBC.setOffset(authorizationBC.getOffset() - 6);
               }
  +
  +            principal = context.getRealm().authenticate(username, password);
  +            if (principal != null) {
  +                register(request, response, principal, 
Constants.BASIC_METHOD,
  +                         username, password);
  +                return (true);
  +            }
           }
           
  -        principal = context.getRealm().authenticate(username, password);
  -        if (principal != null) {
  -            register(request, response, principal, Constants.BASIC_METHOD,
  -                     username, password);
  -            return (true);
  -        }
   
           // Send an "unauthorized" response and an appropriate challenge
           MessageBytes authenticate = 
  
  
  
  1.294     +6 -0      jakarta-tomcat-catalina/webapps/docs/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
  retrieving revision 1.293
  retrieving revision 1.294
  diff -u -r1.293 -r1.294
  --- changelog.xml     28 Apr 2005 12:32:05 -0000      1.293
  +++ changelog.xml     28 Apr 2005 18:55:57 -0000      1.294
  @@ -115,6 +115,12 @@
           If APR as well as Tomcat's JNI wrapper for APR are present, use 
APRized protocol handlers
           instead of the regular ones (remm)
         </update>
  +      <fix>
  +        <bug>22617</bug>: When used with an EJB container and a realm that 
supports the concept
  +        of an unauthenticated user (J2EE.3.4.3) BASIC authentication was 
always authenticating
  +        users as the unauthenticated user without giving them a chance to 
supply a username and
  +        password. (markt)
  +      </fix>
       </changelog>
     </subsection>
     
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to