You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Dragos CERNAHOSCHI <dc...@softwin.ro> on 2001/02/07 09:03:00 UTC
AccessInterceptor bug
Hi
...I've tried to modify AccessInterceptor in order to use FORM
authentication WITHOUT enabling cookies.
The appended code stays between //HERE IS THE DIFFERENCE & // SOFTWIN: THE
DIFFERENCE ENDS HERE. Unfortunately, I didn't succeed in copiling it. Could
you take a look and eventually send me back a "fixed" Tomcat?
...
// SOFTWIN: HERE IS THE DIFFERENCE
boolean noCookies=false;
public void setNoCookies(boolean noCookies) {
this.noCookies = noCookies;
}
// SOFTWIN: THE DIFFERENCE ENDS HERE
...
class FormAuthHandler extends ServletWrapper {
FormAuthHandler() {
initialized=true;
internal=true;
name="tomcat.formAuthHandler";
}
public void doService(Request req, Response res)
throws Exception
{
Context ctx=req.getContext();
HttpSession session=req.getSession( false );
if( session == null ) {
}
String page=ctx.getFormLoginPage();
String errorPage=ctx.getFormErrorPage();
// assert errorPage!=null ( AccessInterceptor will check
// that and enable form login only if everything is ok
session=req.getSession( true );
String username=(String)session.getAttribute( "j_username" );
if( debug>0) log( "Username = " + username);
if( username != null ) {
// 401 with existing j_username - that means wrong credentials.
// Next time we'll have a fresh start
session.removeAttribute( "j_username");
session.removeAttribute( "j_password");
req.setAttribute("javax.servlet.error.message",
errorPage );
contextM.handleStatus( req, res, 302 ); // redirect
return;
}
String originalLocation = req.getRequestURI();
// SOFTWIN: HERE IS THE DIFFERENCE
if (noCookies)
{
originalLocation+="jsessionid="+session.getId();
}
// SOFTWIN: THE DIFFERENCE ENDS HERE
if (req.getQueryString() != null)
originalLocation += "?" + req.getQueryString();
session.setAttribute( "tomcat.auth.originalLocation",
originalLocation);
if( debug > 0 )
log("Redirect1: " + page + " originalUri=" +
req.getRequestURI());
req.setAttribute("javax.servlet.error.message",
page );
contextM.handleStatus( req, res, 302 ); // redirect
return;
}
}