markt 2005/05/22 10:18:28
Modified: catalina/src/share/org/apache/catalina/authenticator
FormAuthenticator.java LocalStrings.properties
catalina/src/share/org/apache/catalina/connector
Connector.java
webapps/docs/config ajp.xml http.xml
Log:
Add new attribute maxSavePostSize to connector and document it
Implement save size limit in form authenticator
Revision Changes Path
1.23 +22 -14
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- FormAuthenticator.java 16 May 2005 05:22:21 -0000 1.22
+++ FormAuthenticator.java 22 May 2005 17:18:28 -0000 1.23
@@ -36,7 +36,6 @@
import org.apache.catalina.deploy.LoginConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.coyote.InputBuffer;
import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;
@@ -233,7 +232,14 @@
session = request.getSessionInternal(true);
if (log.isDebugEnabled())
log.debug("Save request in session '" +
session.getIdInternal() + "'");
- saveRequest(request, session);
+ try {
+ saveRequest(request, session);
+ } catch (IOException ioe) {
+ log.debug("Request body too big to save during
authentication");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ sm.getString("authenticator.requestBodyTooBig"));
+ return (false);
+ }
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
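Review bot: The new `catch (IOException ioe)` around `saveRequest(request, session)` reports every I/O failure as an oversized body, although saveRequest reads `request.getInputStream()` (see the later hunk) and that read can presumably fail for other reasons, such as a client abort or a read timeout. The debug line also drops the exception; `log.debug("Request body too big to save during authentication", ioe);` would keep the cause available when diagnosing rejected logins. A 403 reads to clients and to log monitoring as an authorization decision, so `HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE` would describe the condition more accurately. The enclosing method starts and ends outside this hunk.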
@@ -387,13 +393,16 @@
if ("POST".equalsIgnoreCase(saved.getMethod())) {
ByteChunk body = saved.getBody();
-
-
request.getCoyoteRequest().action(ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
-
- // Set content type
- MessageBytes contentType = MessageBytes.newInstance();
- contentType.setString("application/x-www-form-urlencoded");
- request.getCoyoteRequest().setContentType(contentType);
+
+ if (body != null) {
+ request.getCoyoteRequest().action
+ (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
+
+ // Set content type
+ MessageBytes contentType = MessageBytes.newInstance();
+ contentType.setString("application/x-www-form-urlencoded");
+ request.getCoyoteRequest().setContentType(contentType);
+ }
}
request.getCoyoteRequest().method().setString(saved.getMethod());
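Review bot: The added `if (body != null)` guard has no comment saying when a saved POST can carry a null body; in the saveRequest hunk of this same commit a `ByteChunk` is always allocated for a POST, so the condition is not obvious from the visible code. When the guard is false the method is still restored as POST on the following line, without a body replay or a content type, so the protected resource would see an empty POST. I would add a comment such as `// body is null when <condition>; the request is then replayed as a POST without a body` and confirm that this is the intended outcome rather than a silent loss of the form data. The enclosing method starts and ends outside this hunk.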
@@ -440,14 +449,13 @@
}
if ("POST".equalsIgnoreCase(request.getMethod())) {
- // Note that the size of the request body is limited by:
- // request.getConnector().getMaxPostSize()
+ ByteChunk body = new ByteChunk();
+ body.setLimit(request.getConnector().getMaxSavePostSize());
byte[] buffer = new byte[4096];
int bytesRead;
InputStream is = request.getInputStream();
- ByteChunk body = new ByteChunk();
-
+
while ( (bytesRead = is.read(buffer) ) >= 0) {
body.append(buffer, 0, bytesRead);
}
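Review bot: The size limit is enforced only implicitly through `body.setLimit(request.getConnector().getMaxSavePostSize())`, and the comment this commit removes was the only explanation of the limit at this point. Enforcement presumably depends on `ByteChunk.append` throwing `IOException` once the limit is exceeded, which the hunk does not show; a comment such as `// append() throws IOException when the body exceeds maxSavePostSize; authenticate() turns that into an error response` would make the contract visible. The documented special values (-1 for no limit, 0 for no saving) also rest entirely on ByteChunk's limit semantics, so a unit test for both values would be worthwhile. Because the saved body is kept in the session of a not-yet-authenticated client, a request whose `request.getContentLength()` already exceeds the limit could be rejected before any bytes are read. The enclosing method starts and ends outside this hunk.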
1.3 +1 -0
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties
Index: LocalStrings.properties
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- LocalStrings.properties 15 Mar 2004 22:25:35 -0000 1.2
+++ LocalStrings.properties 22 May 2005 17:18:28 -0000 1.3
@@ -8,6 +8,7 @@
authenticator.notAuthenticated=Configuration error: Cannot perform access
control without an authenticated principal
authenticator.notContext=Configuration error: Must be attached to a Context
authenticator.notStarted=Security Interceptor has not yet been started
+authenticator.requestBodyTooBig=The request body was too large to be cached
during the authentication process
authenticator.sessionExpired=The time allowed for the login process has been
exceeded. If you wish to continue you must either click back twice and re-click
the link you requested or close and re-open your browser
authenticator.unauthorized=Cannot authenticate with the provided credentials
authenticator.userDataConstraint=This request violates a User Data
constraint for this application
1.21 +33 -2
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Connector.java
Index: Connector.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Connector.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- Connector.java 21 May 2005 03:02:25 -0000 1.20
+++ Connector.java 22 May 2005 17:18:28 -0000 1.21
@@ -192,6 +192,13 @@
/**
+ * Maximum size of a POST which will be saved by the container
+ * during authentication. 4kB by default
+ */
+ protected int maxSavePostSize = 4 * 1024;
+
+
+ /**
* Has this component been initialized yet?
*/
protected boolean initialized = false;
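Review bot: The Javadoc added for `maxSavePostSize` gives the default but not the unit or the special values that the ajp.xml and http.xml changes in this commit describe. I would extend it to say the value is in bytes, that -1 disables the limit, and that 0 disables saving of POST data during authentication. The same applies to the Javadoc of `getMaxSavePostSize()` and `setMaxSavePostSize(int)` in the next hunk. This matters to anyone setting the value programmatically, where an unintended -1 removes the bound on data buffered for unauthenticated clients.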
@@ -520,7 +527,31 @@
public void setMaxPostSize(int maxPostSize) {
this.maxPostSize = maxPostSize;
- setProperty("maxPostSize", String.valueOf(maxPostSize));
+ }
+
+
+ /**
+ * Return the maximum size of a POST which will be saved by the container
+ * during authentication.
+ */
+ public int getMaxSavePostSize() {
+
+ return (maxSavePostSize);
+
+ }
+
+
+ /**
+ * Set the maximum size of a POST which will be saved by the container
+ * during authentication.
+ *
+ * @param maxSavePostSize The new maximum size in bytes of a POST which
will
+ * be saved by the container during authentication.
+ */
+ public void setMaxSavePostSize(int maxSavePostSize) {
+
+ this.maxSavePostSize = maxSavePostSize;
+ setProperty("maxSavePostSize", String.valueOf(maxSavePostSize));
}
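Review bot: `setMaxPostSize` loses its `setProperty("maxPostSize", String.valueOf(maxPostSize));` call in this hunk, which the commit log does not mention. If the removal is deliberate (the value may only be consumed on the connector side), it deserves a line in the log message or a comment in the setter; if it is an editing slip from inserting the new accessors, the protocol handler would no longer see a configured maxPostSize. Separately, `setMaxSavePostSize` accepts any int, while the documentation defines only -1, 0 and positive sizes, so values below -1 should either be normalised to -1 or described in the Javadoc.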
1.15 +17 -2 jakarta-tomcat-catalina/webapps/docs/config/ajp.xml
Index: ajp.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/ajp.xml,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ajp.xml 30 Apr 2005 04:35:37 -0000 1.14
+++ ajp.xml 22 May 2005 17:18:28 -0000 1.15
@@ -76,11 +76,26 @@
<attribute name="maxPostSize" required="false">
<p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The feature can be disbled by
- setting this attribute to a value inferior or equal to 0.
+ the container FORM URL parameter parsing. The feature can be disabled
by
+ setting this attribute to a value less than or equal to 0.
If not specified, this attribute is set to 2097152 (2 megabytes).</p>
</attribute>
+ <attribute name="maxSavePostSize" required="false">
+ <p>The maximum size in bytes of the POST which will be saved/buffered
by
+ the container during FORM or CLIENT-CERT authentication. For both types
+ of authentication, the POST will be saved/buffered before the user is
+ authenticated. For CLIENT-CERT authentication, the POST is buffered for
+ the duration of
the SSL handshake and the buffer emptied when the request
+ is processed. For FORM authentication the POST is
saved whilst the user
+ is re-directed to the login form and is retained until the user
+ successfully authenticates or the session associated with the
+ authentication request expires. The limit can be disabled by setting
this
+ attribute to -1. Setting the attribute to
zero will disable the saving of
+ POST data during authentication
. If not
specified, this attribute is set
+ to
4096 (4 kilobytes).</p>
+ </attribute>
+
<attribute name="protocol" required="false">
<p>This attribute value must be <code>AJP/1.3</code> to use the AJP
handler.</p>
1.23 +17 -2 jakarta-tomcat-catalina/webapps/docs/config/http.xml
Index: http.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/http.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- http.xml 30 Apr 2005 04:35:37 -0000 1.22
+++ http.xml 22 May 2005 17:18:28 -0000 1.23
@@ -81,11 +81,26 @@
<attribute name="maxPostSize" required="false">
<p>The maximum size in bytes of the POST which will be handled by
- the container FORM URL parameter parsing. The feature can be disbled by
- setting this attribute to a value inferior or equal to 0.
+ the container FORM URL parameter parsing. The limit can be disabled by
+ setting this attribute to a value less than or equal to 0.
If not specified, this attribute is set to 2097152 (2 megabytes).</p>
</attribute>
+ <attribute name="maxSavePostSize" required="false">
+ <p>The maximum size in bytes of the POST which will be saved/buffered
by
+ the container during FORM or CLIENT-CERT authentication. For both types
+ of authentication, the POST will be saved/buffered before the user is
+ authenticated. For CLIENT-CERT authentication, the POST is buffered for
+ the duration of
the SSL handshake and the buffer emptied when the request
+ is processed. For FORM authentication the POST is
saved whilst the user
+ is re-directed to the login form and is retained until the user
+ successfully authenticates or the session associated with the
+ authentication request expires. The limit can be disabled by setting
this
+ attribute to -1. Setting the attribute to
zero will disable the saving of
+ POST data during authentication
. If not
specified, this attribute is set
+ to
4096 (4 kilobytes).</p>
+ </attribute>
+
<attribute name="protocol" required="false">
<p>This attribute value must be <code>HTTP/1.1</code> to use the HTTP
handler, which is the default.</p>