You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/06/27 21:07:20 UTC
[tomcat] branch 7.0.x updated: Align with 8.5.x. Code clean up and
improved i18n messages
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new ecde67c Align with 8.5.x. Code clean up and improved i18n messages
ecde67c is described below
commit ecde67c45ceb3fb50fd92a848f4125aee0c96d33
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 27 22:05:51 2019 +0100
Align with 8.5.x. Code clean up and improved i18n messages
---
.../catalina/authenticator/AuthenticatorBase.java | 384 +++++++++++----------
.../catalina/authenticator/BasicAuthenticator.java | 4 +-
.../apache/catalina/authenticator/Constants.java | 6 +-
.../authenticator/DigestAuthenticator.java | 18 +-
.../catalina/authenticator/FormAuthenticator.java | 102 +++---
.../catalina/authenticator/LocalStrings.properties | 9 +-
.../authenticator/LocalStrings_es.properties | 14 +-
.../authenticator/LocalStrings_fr.properties | 59 +++-
.../authenticator/LocalStrings_ja.properties | 54 ++-
.../authenticator/NonLoginAuthenticator.java | 10 +-
.../catalina/authenticator/SSLAuthenticator.java | 22 +-
.../catalina/authenticator/SavedRequest.java | 38 +-
.../catalina/authenticator/SingleSignOn.java | 4 +-
.../catalina/authenticator/SingleSignOnEntry.java | 1 +
.../authenticator/SpnegoAuthenticator.java | 16 +-
.../catalina/authenticator/mbeans-descriptors.xml | 2 +-
.../org/apache/catalina/authenticator/package.html | 2 +-
17 files changed, 419 insertions(+), 326 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 7a28e47..2bb4746 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.authenticator;
-
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
@@ -53,40 +50,42 @@ import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.res.StringManager;
-
/**
* Basic implementation of the <b>Valve</b> interface that enforces the
* <code><security-constraint></code> elements in the web application
- * deployment descriptor. This functionality is implemented as a Valve
- * so that it can be omitted in environments that do not require these
- * features. Individual implementations of each supported authentication
- * method can subclass this base class as required.
+ * deployment descriptor. This functionality is implemented as a Valve so that
+ * it can be omitted in environments that do not require these features.
+ * Individual implementations of each supported authentication method can
+ * subclass this base class as required.
* <p>
- * <b>USAGE CONSTRAINT</b>: When this class is utilized, the Context to
- * which it is attached (or a parent Container in a hierarchy) must have an
- * associated Realm that can be used for authenticating users and enumerating
- * the roles to which they have been assigned.
+ * <b>USAGE CONSTRAINT</b>: When this class is utilized, the Context to which it
+ * is attached (or a parent Container in a hierarchy) must have an associated
+ * Realm that can be used for authenticating users and enumerating the roles to
+ * which they have been assigned.
* <p>
- * <b>USAGE CONSTRAINT</b>: This Valve is only useful when processing HTTP
- * requests. Requests of any other type will simply be passed through.
+ * <b>USAGE CONSTRAINT</b>: This Valve is only useful when processing HTTP
+ * requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
*/
-
-
public abstract class AuthenticatorBase extends ValveBase
implements Authenticator {
private final Log log = LogFactory.getLog(AuthenticatorBase.class); // must not be static
+ /**
+ * "Expires" header always set to Date(1), so generate once only
+ */
+ private static final String DATE_ONE = ConcurrentDateFormat.formatRfc1123(new Date(1));
- //------------------------------------------------------ Constructor
public AuthenticatorBase() {
super(true);
}
- // ----------------------------------------------------- Instance Variables
-
+ /**
+ * The string manager for this package.
+ */
+ protected static final StringManager sm = StringManager.getManager(AuthenticatorBase.class);
/**
* Authentication header
@@ -110,14 +109,12 @@ public abstract class AuthenticatorBase extends ValveBase
*/
protected boolean alwaysUseSession = false;
-
/**
- * Should we cache authenticated Principals if the request is part of
- * an HTTP session?
+ * Should we cache authenticated Principals if the request is part of an
+ * HTTP session?
*/
protected boolean cache = true;
-
/**
* Should the session ID, if any, be changed upon a successful
* authentication to prevent a session fixation attack?
@@ -129,7 +126,6 @@ public abstract class AuthenticatorBase extends ValveBase
*/
protected Context context = null;
-
/**
* Descriptive information about this implementation.
*/
@@ -137,8 +133,8 @@ public abstract class AuthenticatorBase extends ValveBase
"org.apache.catalina.authenticator.AuthenticatorBase/1.0";
/**
- * Flag to determine if we disable proxy caching, or leave the issue
- * up to the webapp developer.
+ * Flag to determine if we disable proxy caching, or leave the issue up to
+ * the webapp developer.
*/
protected boolean disableProxyCaching = true;
@@ -181,82 +177,64 @@ public abstract class AuthenticatorBase extends ValveBase
protected SessionIdGeneratorBase sessionIdGenerator = null;
/**
- * The string manager for this package.
- */
- protected static final StringManager sm =
- StringManager.getManager(Constants.Package);
-
-
- /**
- * The SingleSignOn implementation in our request processing chain,
- * if there is one.
+ * The SingleSignOn implementation in our request processing chain, if there
+ * is one.
*/
protected SingleSignOn sso = null;
- /**
- * "Expires" header always set to Date(1), so generate once only
- */
- private static final String DATE_ONE = ConcurrentDateFormat.formatRfc1123(new Date(1));
// ------------------------------------------------------------- Properties
-
public boolean getAlwaysUseSession() {
return alwaysUseSession;
}
-
public void setAlwaysUseSession(boolean alwaysUseSession) {
this.alwaysUseSession = alwaysUseSession;
}
-
/**
* Return the cache authenticated Principals flag.
+ *
+ * @return <code>true</code> if authenticated Principals will be cached,
+ * otherwise <code>false</code>
*/
public boolean getCache() {
-
- return (this.cache);
-
+ return this.cache;
}
-
/**
* Set the cache authenticated Principals flag.
*
- * @param cache The new cache flag
+ * @param cache
+ * The new cache flag
*/
public void setCache(boolean cache) {
-
this.cache = cache;
-
}
-
/**
* Return the Container to which this Valve is attached.
*/
@Override
public Container getContainer() {
-
- return (this.context);
-
+ return this.context;
}
-
/**
* Set the Container to which this Valve is attached.
*
- * @param container The container to which we are attached
+ * @param container
+ * The container to which we are attached
*/
@Override
public void setContainer(Container container) {
- if (container != null && !(container instanceof Context))
- throw new IllegalArgumentException
- (sm.getString("authenticator.notContext"));
+ if (container != null && !(container instanceof Context)) {
+ throw new IllegalArgumentException(sm.getString("authenticator.notContext"));
+ }
super.setContainer(container);
this.context = (Context) container;
@@ -278,6 +256,9 @@ public abstract class AuthenticatorBase extends ValveBase
/**
* Return the flag that states if we add headers to disable caching by
* proxies.
+ *
+ * @return <code>true</code> if the headers will be added, otherwise
+ * <code>false</code>
*/
public boolean getDisableProxyCaching() {
return disableProxyCaching;
@@ -286,8 +267,10 @@ public abstract class AuthenticatorBase extends ValveBase
/**
* Set the value of the flag that states if we add headers to disable
* caching by proxies.
- * @param nocache <code>true</code> if we add headers to disable proxy
- * caching, <code>false</code> if we leave the headers alone.
+ *
+ * @param nocache
+ * <code>true</code> if we add headers to disable proxy caching,
+ * <code>false</code> if we leave the headers alone.
*/
public void setDisableProxyCaching(boolean nocache) {
disableProxyCaching = nocache;
@@ -296,6 +279,9 @@ public abstract class AuthenticatorBase extends ValveBase
/**
* Return the flag that states, if proxy caching is disabled, what headers
* we add to disable the caching.
+ *
+ * @return <code>true</code> if a Pragma header should be used, otherwise
+ * <code>false</code>
*/
public boolean getSecurePagesWithPragma() {
return securePagesWithPragma;
@@ -304,9 +290,11 @@ public abstract class AuthenticatorBase extends ValveBase
/**
* Set the value of the flag that states what headers we add to disable
* proxy caching.
- * @param securePagesWithPragma <code>true</code> if we add headers which
- * are incompatible with downloading office documents in IE under SSL but
- * which fix a caching problem in Mozilla.
+ *
+ * @param securePagesWithPragma
+ * <code>true</code> if we add headers which are incompatible
+ * with downloading office documents in IE under SSL but which
+ * fix a caching problem in Mozilla.
*/
public void setSecurePagesWithPragma(boolean securePagesWithPragma) {
this.securePagesWithPragma = securePagesWithPragma;
@@ -327,69 +315,67 @@ public abstract class AuthenticatorBase extends ValveBase
* Set the value of the flag that states if we should change the session ID
* of an existing session upon successful authentication.
*
- * @param changeSessionIdOnAuthentication
- * <code>true</code> to change session ID upon successful
- * authentication, <code>false</code> to do not perform the
- * change.
+ * @param changeSessionIdOnAuthentication <code>true</code> to change
+ * session ID upon successful authentication, <code>false</code>
+ * to do not perform the change.
*/
- public void setChangeSessionIdOnAuthentication(
- boolean changeSessionIdOnAuthentication) {
+ public void setChangeSessionIdOnAuthentication(boolean changeSessionIdOnAuthentication) {
this.changeSessionIdOnAuthentication = changeSessionIdOnAuthentication;
}
/**
* Return the secure random number generator class name.
+ *
+ * @return The fully qualified name of the SecureRandom implementation to
+ * use
*/
public String getSecureRandomClass() {
-
- return (this.secureRandomClass);
-
+ return this.secureRandomClass;
}
-
/**
* Set the secure random number generator class name.
*
- * @param secureRandomClass The new secure random number generator class
- * name
+ * @param secureRandomClass
+ * The new secure random number generator class name
*/
public void setSecureRandomClass(String secureRandomClass) {
this.secureRandomClass = secureRandomClass;
}
-
/**
* Return the secure random number generator algorithm name.
+ *
+ * @return The name of the SecureRandom algorithm used
*/
public String getSecureRandomAlgorithm() {
return secureRandomAlgorithm;
}
-
/**
* Set the secure random number generator algorithm name.
*
- * @param secureRandomAlgorithm The new secure random number generator
- * algorithm name
+ * @param secureRandomAlgorithm
+ * The new secure random number generator algorithm name
*/
public void setSecureRandomAlgorithm(String secureRandomAlgorithm) {
this.secureRandomAlgorithm = secureRandomAlgorithm;
}
-
/**
* Return the secure random number generator provider name.
+ *
+ * @return The name of the SecureRandom provider
*/
public String getSecureRandomProvider() {
return secureRandomProvider;
}
-
/**
* Set the secure random number generator provider name.
*
- * @param secureRandomProvider The new secure random number generator
- * provider name
+ * @param secureRandomProvider
+ * The new secure random number generator provider name
*/
public void setSecureRandomProvider(String secureRandomProvider) {
this.secureRandomProvider = secureRandomProvider;
@@ -399,24 +385,27 @@ public abstract class AuthenticatorBase extends ValveBase
// --------------------------------------------------------- Public Methods
-
/**
* Enforce the security restrictions in the web application deployment
* descriptor of our associated Context.
*
- * @param request Request to be processed
- * @param response Response to be processed
+ * @param request
+ * Request to be processed
+ * @param response
+ * Response to be processed
*
- * @exception IOException if an input/output error occurs
- * @exception ServletException if thrown by a processing element
+ * @exception IOException
+ * if an input/output error occurs
+ * @exception ServletException
+ * if thrown by a processing element
*/
@Override
- public void invoke(Request request, Response response)
- throws IOException, ServletException {
+ public void invoke(Request request, Response response) throws IOException, ServletException {
- if (log.isDebugEnabled())
- log.debug("Security checking request " +
- request.getMethod() + " " + request.getRequestURI());
+ if (log.isDebugEnabled()) {
+ log.debug("Security checking request " + request.getMethod() + " " +
+ request.getRequestURI());
+ }
LoginConfig config = this.context.getLoginConfig();
// Have we got a cached authenticated Principal to record?
@@ -427,11 +416,10 @@ public abstract class AuthenticatorBase extends ValveBase
if (session != null) {
principal = session.getPrincipal();
if (principal != null) {
- if (log.isDebugEnabled())
- log.debug("We have cached auth type " +
- session.getAuthType() +
- " for principal " +
- session.getPrincipal());
+ if (log.isDebugEnabled()) {
+ log.debug("We have cached auth type " + session.getAuthType() +
+ " for principal " + principal);
+ }
request.setAuthType(session.getAuthType());
request.setUserPrincipal(principal);
}
@@ -485,12 +473,12 @@ public abstract class AuthenticatorBase extends ValveBase
Realm realm = this.context.getRealm();
// Is this request URI subject to a security constraint?
- SecurityConstraint [] constraints
- = realm.findSecurityConstraints(request, this.context);
+ SecurityConstraint[] constraints = realm.findSecurityConstraints(request, this.context);
if (constraints == null && !context.getPreemptiveAuthentication()) {
- if (log.isDebugEnabled())
+ if (log.isDebugEnabled()) {
log.debug(" Not subject to any constraint");
+ }
getNext().invoke(request, response);
return;
}
@@ -498,7 +486,7 @@ public abstract class AuthenticatorBase extends ValveBase
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
if (constraints != null && disableProxyCaching &&
- !"POST".equalsIgnoreCase(request.getMethod())) {
+ !"POST".equalsIgnoreCase(request.getMethod())) {
if (securePagesWithPragma) {
// Note: These can cause problems with downloading files with IE
response.setHeader("Pragma", "No-cache");
@@ -515,14 +503,13 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
log.debug(" Calling hasUserDataPermission()");
}
- if (!realm.hasUserDataPermission(request, response,
- constraints)) {
+ if (!realm.hasUserDataPermission(request, response, constraints)) {
if (log.isDebugEnabled()) {
log.debug(" Failed hasUserDataPermission() test");
}
/*
- * ASSERT: Authenticator already set the appropriate
- * HTTP status code, so we do not have to do anything special
+ * ASSERT: Authenticator already set the appropriate HTTP status
+ * code, so we do not have to do anything special
*/
return;
}
@@ -549,8 +536,7 @@ public abstract class AuthenticatorBase extends ValveBase
if (!authRequired && context.getPreemptiveAuthentication()) {
authRequired =
- request.getCoyoteRequest().getMimeHeaders().getValue(
- "authorization") != null;
+ request.getCoyoteRequest().getMimeHeaders().getValue("authorization") != null;
}
if (!authRequired && context.getPreemptiveAuthentication() &&
@@ -568,9 +554,8 @@ public abstract class AuthenticatorBase extends ValveBase
log.debug(" Failed authenticate() test");
}
/*
- * ASSERT: Authenticator already set the appropriate
- * HTTP status code, so we do not have to do anything
- * special
+ * ASSERT: Authenticator already set the appropriate HTTP status
+ * code, so we do not have to do anything special
*/
return;
}
@@ -581,16 +566,13 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
log.debug(" Calling accessControl()");
}
- if (!realm.hasResourcePermission(request, response,
- constraints,
- this.context)) {
+ if (!realm.hasResourcePermission(request, response, constraints, this.context)) {
if (log.isDebugEnabled()) {
log.debug(" Failed accessControl() test");
}
/*
- * ASSERT: AccessControl method has already set the
- * appropriate HTTP status code, so we do not have to do
- * anything special
+ * ASSERT: AccessControl method has already set the appropriate
+ * HTTP status code, so we do not have to do anything special
*/
return;
}
@@ -612,10 +594,10 @@ public abstract class AuthenticatorBase extends ValveBase
* <code>javax.servlet.request.X509Certificate</code>. If not found, trigger
* extracting the certificate chain from the Coyote request.
*
- * @param request Request to be processed
+ * @param request
+ * Request to be processed
*
- * @return The X509 certificate chain if found, <code>null</code>
- * otherwise.
+ * @return The X509 certificate chain if found, <code>null</code> otherwise.
*/
protected X509Certificate[] getRequestCertificates(final Request request)
throws IllegalStateException {
@@ -636,18 +618,20 @@ public abstract class AuthenticatorBase extends ValveBase
return certs;
}
-
/**
- * Associate the specified single sign on identifier with the
- * specified Session.
+ * Associate the specified single sign on identifier with the specified
+ * Session.
*
- * @param ssoId Single sign on identifier
- * @param session Session to be associated
+ * @param ssoId
+ * Single sign on identifier
+ * @param session
+ * Session to be associated
*/
protected void associate(String ssoId, Session session) {
- if (sso == null)
+ if (sso == null) {
return;
+ }
sso.associate(ssoId, session);
}
@@ -699,16 +683,18 @@ public abstract class AuthenticatorBase extends ValveBase
* processing chain or if there is enough information available to
* authenticate the user without requiring further user interaction.
*
- * @param request The current request
- * @param response The current response
- * @param useSSO Should information available from SSO be used to attempt
- * to authenticate the current user?
+ * @param request
+ * The current request
+ * @param response
+ * The current response
+ * @param useSSO
+ * Should information available from SSO be used to attempt to
+ * authenticate the current user?
*
* @return <code>true</code> if the user was authenticated via the cache,
* otherwise <code>false</code>
*/
- protected boolean checkForCachedAuthentication(Request request,
- HttpServletResponse response, boolean useSSO) {
+ protected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO) {
// Has the user already been authenticated?
Principal principal = request.getUserPrincipal();
@@ -731,12 +717,14 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
log.debug(sm.getString("authenticator.check.sso", ssoId));
}
- /* Try to reauthenticate using data cached by SSO. If this fails,
- either the original SSO logon was of DIGEST or SSL (which
- we can't reauthenticate ourselves because there is no
- cached username and password), or the realm denied
- the user's reauthentication for some reason.
- In either case we have to prompt the user for a logon */
+ /*
+ * Try to reauthenticate using data cached by SSO. If this fails,
+ * either the original SSO logon was of DIGEST or SSL (which we
+ * can't reauthenticate ourselves because there is no cached
+ * username and password), or the realm denied the user's
+ * reauthentication for some reason. In either case we have to
+ * prompt the user for a logon
+ */
if (reauthenticateFromSSO(ssoId, request)) {
return true;
}
@@ -757,7 +745,7 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
log.debug(sm.getString("authenticator.check.authorizeFail", username));
}
- authorized = new GenericPrincipal(username, null, null);
+ authorized = new GenericPrincipal(username, null, null);
}
String authType = request.getAuthType();
if (authType == null || authType.length() == 0) {
@@ -770,19 +758,22 @@ public abstract class AuthenticatorBase extends ValveBase
return false;
}
-
/**
- * Attempts reauthentication to the <code>Realm</code> using
- * the credentials included in argument <code>entry</code>.
+ * Attempts reauthentication to the <code>Realm</code> using the credentials
+ * included in argument <code>entry</code>.
*
- * @param ssoId identifier of SingleSignOn session with which the
- * caller is associated
- * @param request the request that needs to be authenticated
+ * @param ssoId
+ * identifier of SingleSignOn session with which the caller is
+ * associated
+ * @param request
+ * the request that needs to be authenticated
+ * @return <code>true</code> if the reauthentication from SSL occurred
*/
protected boolean reauthenticateFromSSO(String ssoId, Request request) {
- if (sso == null || ssoId == null)
+ if (sso == null || ssoId == null) {
return false;
+ }
boolean reauthenticated = false;
@@ -799,27 +790,32 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
log.debug(" Reauthenticated cached principal '" +
- request.getUserPrincipal().getName() +
- "' with auth type '" + request.getAuthType() + "'");
+ request.getUserPrincipal().getName() +
+ "' with auth type '" + request.getAuthType() + "'");
}
}
return reauthenticated;
}
-
/**
* Register an authenticated Principal and authentication type in our
* request, in the current session (if there is one), and with our
- * SingleSignOn valve, if there is one. Set the appropriate cookie
- * to be returned.
+ * SingleSignOn valve, if there is one. Set the appropriate cookie to be
+ * returned.
*
- * @param request The servlet request we are processing
- * @param response The servlet response we are generating
- * @param principal The authenticated Principal to be registered
- * @param authType The authentication type to be registered
- * @param username Username used to authenticate (if any)
- * @param password Password used to authenticate (if any)
+ * @param request
+ * The servlet request we are processing
+ * @param response
+ * The servlet response we are generating
+ * @param principal
+ * The authenticated Principal to be registered
+ * @param authType
+ * The authentication type to be registered
+ * @param username
+ * Username used to authenticate (if any)
+ * @param password
+ * Password used to authenticate (if any)
*/
public void register(Request request, HttpServletResponse response,
Principal principal, String authType,
@@ -827,8 +823,7 @@ public abstract class AuthenticatorBase extends ValveBase
if (log.isDebugEnabled()) {
String name = (principal == null) ? "none" : principal.getName();
- log.debug("Authenticated '" + name + "' with type '" + authType +
- "'");
+ log.debug("Authenticated '" + name + "' with type '" + authType + "'");
}
// Cache the authentication information in our request
@@ -854,20 +849,23 @@ public abstract class AuthenticatorBase extends ValveBase
if (session != null) {
session.setAuthType(authType);
session.setPrincipal(principal);
- if (username != null)
+ if (username != null) {
session.setNote(Constants.SESS_USERNAME_NOTE, username);
- else
+ } else {
session.removeNote(Constants.SESS_USERNAME_NOTE);
- if (password != null)
+ }
+ if (password != null) {
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- else
+ } else {
session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
}
}
// Construct a cookie to be returned to the client
- if (sso == null)
+ if (sso == null) {
return;
+ }
// Only create a new SSO entry if the SSO did not already set a note
// for an existing entry (as it would do with subsequent requests
@@ -885,11 +883,12 @@ public abstract class AuthenticatorBase extends ValveBase
// Bugzilla 34724
String ssoDomain = sso.getCookieDomain();
- if(ssoDomain != null) {
+ if (ssoDomain != null) {
cookie.setDomain(ssoDomain);
}
- // Configure httpOnly on SSO cookie using same rules as session cookies
+ // Configure httpOnly on SSO cookie using same rules as session
+ // cookies
if (request.getServletContext().getSessionCookieConfig().isHttpOnly() ||
request.getContext().getUseHttpOnly()) {
cookie.setHttpOnly(true);
@@ -919,18 +918,17 @@ public abstract class AuthenticatorBase extends ValveBase
// associated sessions are destroyed; if a new SSO entry is created
// above for this request and the user never revisits the context, the
// SSO entry will never be cleared if we don't associate the session
- if (session == null)
+ if (session == null) {
session = request.getSessionInternal(true);
+ }
sso.associate(ssoId, session);
}
@Override
- public void login(String username, String password, Request request)
- throws ServletException {
+ public void login(String username, String password, Request request) throws ServletException {
Principal principal = doLogin(request, username, password);
- register(request, request.getResponse(), principal,
- getAuthMethod(), username, password);
+ register(request, request.getResponse(), principal, getAuthMethod(), username, password);
}
protected abstract String getAuthMethod();
@@ -938,14 +936,18 @@ public abstract class AuthenticatorBase extends ValveBase
/**
* Process the login request.
*
- * @param request Associated request
- * @param username The user
- * @param password The password
- * @return The authenticated Principal
+ * @param request
+ * Associated request
+ * @param username
+ * The user
+ * @param password
+ * The password
+ * @return The authenticated Principal
* @throws ServletException
+ * No principal was authenticated with the specified credentials
*/
- protected Principal doLogin(Request request, String username,
- String password) throws ServletException {
+ protected Principal doLogin(Request request, String username, String password)
+ throws ServletException {
Principal p = context.getRealm().authenticate(username, password);
if (p == null) {
throw new ServletException(sm.getString("authenticator.loginFail"));
@@ -968,12 +970,14 @@ public abstract class AuthenticatorBase extends ValveBase
register(request, request.getResponse(), null, null, null, null);
}
+
/**
- * Start this component and implement the requirements
- * of {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
+ * Start this component and implement the requirements of
+ * {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
*
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
+ * @exception LifecycleException
+ * if this component detects a fatal error that prevents this
+ * component from being used
*/
@Override
protected synchronized void startInternal() throws LifecycleException {
@@ -989,14 +993,16 @@ public abstract class AuthenticatorBase extends ValveBase
break;
}
}
- if (sso == null)
+ if (sso == null) {
parent = parent.getParent();
+ }
}
if (log.isDebugEnabled()) {
- if (sso != null)
+ if (sso != null) {
log.debug("Found SingleSignOn Valve at " + sso);
- else
+ } else {
log.debug("No SingleSignOn Valve is present");
+ }
}
sessionIdGenerator = new StandardSessionIdGenerator();
@@ -1007,13 +1013,13 @@ public abstract class AuthenticatorBase extends ValveBase
super.startInternal();
}
-
/**
- * Stop this component and implement the requirements
- * of {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
+ * Stop this component and implement the requirements of
+ * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
*
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
+ * @exception LifecycleException
+ * if this component detects a fatal error that prevents this
+ * component from being used
*/
@Override
protected synchronized void stopInternal() throws LifecycleException {
diff --git a/java/org/apache/catalina/authenticator/BasicAuthenticator.java b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
index 9e6bbf8..8da1f4c 100644
--- a/java/org/apache/catalina/authenticator/BasicAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/BasicAuthenticator.java
@@ -132,6 +132,7 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
}
+ // the request could not be authenticated, so reissue the challenge
StringBuilder value = new StringBuilder(16);
value.append("Basic realm=\"");
if (config.getRealmName() == null) {
@@ -146,11 +147,10 @@ public class BasicAuthenticator extends AuthenticatorBase {
}
response.setHeader(AUTH_HEADER_NAME, value.toString());
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- return (false);
+ return false;
}
-
@Override
protected String getAuthMethod() {
return HttpServletRequest.BASIC_AUTH;
diff --git a/java/org/apache/catalina/authenticator/Constants.java b/java/org/apache/catalina/authenticator/Constants.java
index cd3dba6..48329c5 100644
--- a/java/org/apache/catalina/authenticator/Constants.java
+++ b/java/org/apache/catalina/authenticator/Constants.java
@@ -66,6 +66,10 @@ public class Constants {
public static final String DEFAULT_JAAS_CONF = "conf/jaas.conf";
public static final String DEFAULT_LOGIN_MODULE_NAME =
"com.sun.security.jgss.krb5.accept";
+ /**
+ * @deprecated Unused. Will be removed in Tomcat 9.
+ */
+ @Deprecated
public static final String USE_SUBJECT_CREDS_ONLY_PROPERTY =
"javax.security.auth.useSubjectCredsOnly";
@@ -83,7 +87,7 @@ public class Constants {
* request is associated.
*/
public static final String REQ_SSOID_NOTE =
- "org.apache.catalina.request.SSOID";
+ "org.apache.catalina.request.SSOID";
// ---------------------------------------------------------- Session Notes
diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
index 842bcb7..ed7f8f5 100644
--- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.authenticator;
-
import java.io.IOException;
import java.io.StringReader;
import java.security.MessageDigest;
@@ -43,7 +40,6 @@ import org.apache.tomcat.util.security.ConcurrentMessageDigest;
import org.apache.tomcat.util.security.MD5Encoder;
-
/**
* An <b>Authenticator</b> and <b>Valve</b> implementation of HTTP DIGEST
* Authentication (see RFC 2069).
@@ -51,7 +47,6 @@ import org.apache.tomcat.util.security.MD5Encoder;
* @author Craig R. McClanahan
* @author Remy Maucherat
*/
-
public class DigestAuthenticator extends AuthenticatorBase {
private final Log log = LogFactory.getLog(DigestAuthenticator.class); // must not be static
@@ -80,8 +75,8 @@ public class DigestAuthenticator extends AuthenticatorBase {
*/
protected static final String QOP = "auth";
- // ----------------------------------------------------------- Constructors
+ // ----------------------------------------------------------- Constructors
public DigestAuthenticator() {
super();
@@ -348,6 +343,10 @@ public class DigestAuthenticator extends AuthenticatorBase {
/**
* Removes the quotes on a string. RFC2617 states quotes are optional for
* all parameters except realm.
+ *
+ * @param quotedString The quoted string
+ * @param quotesRequired <code>true</code> if quotes were required
+ * @return The unquoted string
*/
protected static String removeQuotes(String quotedString,
boolean quotesRequired) {
@@ -364,6 +363,9 @@ public class DigestAuthenticator extends AuthenticatorBase {
/**
* Removes the quotes on a string.
+ *
+ * @param quotedString The quoted string
+ * @return The unquoted string
*/
protected static String removeQuotes(String quotedString) {
return removeQuotes(quotedString, false);
@@ -375,6 +377,7 @@ public class DigestAuthenticator extends AuthenticatorBase {
* time-stamp ":" private-key ) ).
*
* @param request HTTP Servlet request
+ * @return The generated nonce
*/
protected String generateNonce(Request request) {
@@ -417,7 +420,7 @@ public class DigestAuthenticator extends AuthenticatorBase {
*
* realm = "realm" "=" realm-value
* realm-value = quoted-string
- * domain = "domain" "=" <"> 1#URI <">
+ * domain = "domain" "=" <"> 1#URI <">
* nonce = "nonce" "=" nonce-value
* nonce-value = quoted-string
* opaque = "opaque" "=" quoted-string
@@ -430,6 +433,7 @@ public class DigestAuthenticator extends AuthenticatorBase {
* @param config Login configuration describing how authentication
* should be performed
* @param nonce nonce token
+ * @param isNonceStale <code>true</code> to add a stale parameter
*/
protected void setAuthenticateHeader(HttpServletRequest request,
HttpServletResponse response,
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 62c293c..935486b 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.authenticator;
-
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
@@ -45,10 +42,9 @@ import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.MimeHeaders;
-
/**
* An <b>Authenticator</b> and <b>Valve</b> implementation of FORM BASED
- * Authentication, as described in the Servlet API Specification, Version 2.2.
+ * Authentication, as described in the Servlet API Specification.
*
* @author Craig R. McClanahan
* @author Remy Maucherat
@@ -58,6 +54,7 @@ public class FormAuthenticator
private final Log log = LogFactory.getLog(FormAuthenticator.class); // must not be static
+
// ----------------------------------------------------- Instance Variables
@@ -81,8 +78,8 @@ public class FormAuthenticator
*/
protected String landingPage = null;
- // ------------------------------------------------------------- Properties
+ // ------------------------------------------------------------- Properties
/**
* Return descriptive information about this Valve implementation.
@@ -96,7 +93,9 @@ public class FormAuthenticator
/**
- * Return the character encoding to use to read the username and password.
+ * Return the character encoding to use to read the user name and password.
+ *
+ * @return The name of the character encoding
*/
public String getCharacterEncoding() {
return characterEncoding;
@@ -104,7 +103,9 @@ public class FormAuthenticator
/**
- * Set the character encoding to be used to read the username and password.
+ * Set the character encoding to be used to read the user name and password.
+ *
+ * @param encoding The name of the encoding to use
*/
public void setCharacterEncoding(String encoding) {
characterEncoding = encoding;
@@ -113,6 +114,8 @@ public class FormAuthenticator
/**
* Return the landing page to use when FORM auth is mis-used.
+ *
+ * @return The path to the landing page relative to the web application root
*/
public String getLandingPage() {
return landingPage;
@@ -121,6 +124,9 @@ public class FormAuthenticator
/**
* Set the landing page to use when the FORM auth is mis-used.
+ *
+ * @param landingPage The path to the landing page relative to the web
+ * application root
*/
public void setLandingPage(String landingPage) {
this.landingPage = landingPage;
@@ -150,7 +156,7 @@ public class FormAuthenticator
throws IOException {
if (checkForCachedAuthentication(request, response, true)) {
- return (true);
+ return true;
}
// References to objects we will need later
@@ -178,8 +184,8 @@ public class FormAuthenticator
if (!matchRequest(request)) {
register(request, response, principal,
HttpServletRequest.FORM_AUTH,
- username, password);
- return (true);
+ username, password);
+ return true;
}
}
if (log.isDebugEnabled()) {
@@ -212,13 +218,13 @@ public class FormAuthenticator
if (log.isDebugEnabled()) {
log.debug("Proceed to restored request");
}
- return (true);
+ return true;
} else {
if (log.isDebugEnabled()) {
log.debug("Restore of original request failed");
}
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return (false);
+ return false;
}
}
@@ -260,10 +266,10 @@ public class FormAuthenticator
log.debug("Request body too big to save during authentication");
response.sendError(HttpServletResponse.SC_FORBIDDEN,
sm.getString("authenticator.requestBodyTooBig"));
- return (false);
+ return false;
}
forwardToLoginPage(request, response, config);
- return (false);
+ return false;
}
// Yes -- Acknowledge the request, validate the specified credentials
@@ -281,7 +287,7 @@ public class FormAuthenticator
principal = realm.authenticate(username, password);
if (principal == null) {
forwardToErrorPage(request, response, config);
- return (false);
+ return false;
}
if (log.isDebugEnabled()) {
@@ -311,7 +317,7 @@ public class FormAuthenticator
Constants.FORM_REQUEST_NOTE, saved);
response.sendRedirect(response.encodeRedirectURL(uri));
}
- return (false);
+ return false;
}
// Save the authenticated Principal in our session
@@ -345,7 +351,7 @@ public class FormAuthenticator
} else {
response.sendRedirect(response.encodeRedirectURL(requestURI));
}
- return (false);
+ return false;
}
@@ -472,33 +478,33 @@ public class FormAuthenticator
* we signaled after successful authentication?
*
* @param request The request to be verified
+ * @return <code>true</code> if the requests matched the saved one
*/
protected boolean matchRequest(Request request) {
+ // Has a session been created?
+ Session session = request.getSessionInternal(false);
+ if (session == null) {
+ return false;
+ }
- // Has a session been created?
- Session session = request.getSessionInternal(false);
- if (session == null) {
- return (false);
- }
-
- // Is there a saved request?
- SavedRequest sreq = (SavedRequest)
- session.getNote(Constants.FORM_REQUEST_NOTE);
- if (sreq == null) {
- return (false);
- }
+ // Is there a saved request?
+ SavedRequest sreq =
+ (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
+ if (sreq == null) {
+ return false;
+ }
- // Is there a saved principal?
- if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
- return (false);
- }
+ // Is there a saved principal?
+ if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
+ return false;
+ }
- // Does the request URI match?
- String decodedRequestURI = request.getDecodedRequestURI();
- if (decodedRequestURI == null) {
- return (false);
- }
- return (decodedRequestURI.equals(sreq.getDecodedRequestURI()));
+ // Does the request URI match?
+ String decodedRequestURI = request.getDecodedRequestURI();
+ if (decodedRequestURI == null) {
+ return false;
+ }
+ return decodedRequestURI.equals(sreq.getDecodedRequestURI());
}
@@ -510,6 +516,8 @@ public class FormAuthenticator
*
* @param request The request to be restored
* @param session The session containing the saved information
+ * @return <code>true</code> if the request was successfully restored
+ * @throws IOException if an IO error occurred during the process
*/
protected boolean restoreRequest(Request request, Session session)
throws IOException {
@@ -520,7 +528,7 @@ public class FormAuthenticator
session.removeNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
if (saved == null) {
- return (false);
+ return false;
}
// Swallow any request body since we will be replacing it
@@ -608,8 +616,7 @@ public class FormAuthenticator
request.getCoyoteRequest().requestURI().setString
(saved.getRequestURI());
- return (true);
-
+ return true;
}
@@ -618,7 +625,7 @@ public class FormAuthenticator
*
* @param request The request to be saved
* @param session The session to contain the saved information
- * @throws IOException
+ * @throws IOException if an IO error occurred during the process
*/
protected void saveRequest(Request request, Session session)
throws IOException {
@@ -684,20 +691,19 @@ public class FormAuthenticator
* from the saved request so that we can redirect to it.
*
* @param session Our current session
+ * @return the original request URL
*/
protected String savedRequestURL(Session session) {
-
SavedRequest saved =
(SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
if (saved == null) {
- return (null);
+ return null;
}
StringBuilder sb = new StringBuilder(saved.getRequestURI());
if (saved.getQueryString() != null) {
sb.append('?');
sb.append(saved.getQueryString());
}
- return (sb.toString());
-
+ return sb.toString();
}
}
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 609d8a0..62dee48 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -14,28 +14,23 @@
# limitations under the License.
authenticator.certificates=No client certificate chain in this request
-authenticator.check.authorize=Authorizing connector provided user [{0}] via Tomcat Realm
+authenticator.check.authorize=User name [{0}] obtained from the Connector and trusted to be valid. Obtaining roles for this user from the Tomcat Realm.
authenticator.check.authorizeFail=Realm did not recognise user [{0}]. Creating a Principal with that name and no roles.
authenticator.check.found=Already authenticated [{0}]
authenticator.check.sso=Not authenticated but SSO session ID [{0}] found. Attempting re-authentication.
-authenticator.forbidden=Access to the requested resource has been denied
authenticator.formlogin=Invalid direct reference to form login page
-authenticator.invalid=Invalid client certificate chain in this request
-authenticator.keystore=Exception loading key store
authenticator.loginFail=Login failed
authenticator.manager=Exception initializing trust managers
authenticator.noAuthHeader=No authorization header sent by client
-authenticator.notAuthenticated=Configuration error: Cannot perform access control without an authenticated principal
authenticator.notContext=Configuration error: Must be attached to a Context
authenticator.requestBodyTooBig=The request body was too large to be cached during the authentication process
authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance has failed
authenticator.unauthorized=Cannot authenticate with the provided credentials
-authenticator.userDataConstraint=This request violates a User Data constraint for this application
basicAuthenticator.invalidCharset=The only permitted values are null, the empty string or UTF-8
-digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
+digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
formAuthenticator.forwardLogin=Forwarding request for [{0}] made with method [{1}] to login page [{2}] of context [{3}] using request method GET
diff --git a/java/org/apache/catalina/authenticator/LocalStrings_es.properties b/java/org/apache/catalina/authenticator/LocalStrings_es.properties
index 8915460..f070533 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings_es.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings_es.properties
@@ -14,29 +14,29 @@
# limitations under the License.
authenticator.certificates=No hay cadena de certificados del cliente en esta petición
-authenticator.forbidden=El acceso al recurso pedido ha sido denegado
authenticator.formlogin=Referencia directa al formulario de conexión (página de formulario de login) inválida
-authenticator.invalid=No es válida la cadena de certificados del cliente en esta petición
-authenticator.keystore=Excepción cargando el almacén de claves
authenticator.loginFail=No pude ingresar
authenticator.manager=Excepción inicializando administradores de confianza
authenticator.noAuthHeader=El cliente no ha enviado autorización de cabecera
-authenticator.notAuthenticated=Error de Configuración: No se pueden realizar funciones de control de acceso sin un principal autenticado
authenticator.notContext=Error de Configuración: Debe de estar unido a un Contexto
authenticator.requestBodyTooBig=El cuerpo del requerimiento era demasiado grande para realizar caché durante el proceso de autenticación
authenticator.sessionExpired=El tiempo permitido para realizar login ha sido excedido. Si deseas continuar, debes hacer clik dos veces y volver a hacer clik otra vez o cerrar y reabrir tu navegador
authenticator.unauthorized=Imposible autenticar mediante las credenciales suministradas
-authenticator.userDataConstraint=Esta petición viola una Restrición de Datos de usuario para esta aplicación
-digestAuthenticator.cacheRemove=Se ha quitado una entrada válida de la caché "nonce" del cliente para hacer espacio a nuevas entradas.. Ahora es posible un ataque de reinyección. Para prevenirlos, reduce "nonceValidity" o incrementa "cnonceCacheSize". El resto de mensajes de este tipo serán suspendidos durante 5 minutos.
+digestAuthenticator.cacheRemove=Se ha quitado una entrada válida de la caché "nonce" del cliente para hacer espacio a nuevas entradas.. Ahora es posible un ataque de reinyección. Para prevenirlos, reduce "nonceValidity" o incrementa "nonceCacheSize". El resto de mensajes de este tipo serán suspendidos durante 5 minutos.
formAuthenticator.forwardErrorFail=Error inesperado de reenvío a página de error
formAuthenticator.forwardLoginFail=Error inesperado de reenvío a pagina de ingreso
formAuthenticator.noErrorPage=No se ha definido página de error para la autenticación FORM en el contexto [{0}]
formAuthenticator.noLoginPage=No se ha definido página de ingreso para la autenticación FORM en el contexto [{0}]
+singleSignOn.debug.principalCheck=SSO esta buscando un Principal cacheado para las sesión SSO [{0}]\n
+singleSignOn.debug.principalFound=SSO encontró el Principal cacheado [{0}] con autenticación tipo [{1}]\n
+singleSignOn.debug.removeSession=SSO removiendo la sesión de la aplicación [{0}] SSO con sesión [{1}]\n
+singleSignOn.sessionExpire.hostNotFound=SSO es incapaz de expirar la session [{0}] porque el Host no puede ser encontrado
+singleSignOn.sessionExpire.managerError=SSO incapaz de expirar sesión [{0}] porque el Gerenciador lanzó una excepción mientras buscaba la sesión
+
spnegoAuthenticator.authHeaderNoToken=La cabecera de Negociación de autorización enviada por el cliente no incluía una ficha
spnegoAuthenticator.authHeaderNotNego=La cabecera de autorización enviada por el cliente no comenzaba con Negotiate
-spnegoAuthenticator.hostnameFail=No puedo determinar el nombre de máquina para construir el SPN por defecto. Por favor, pon el atributo "spn" del autenticador.
spnegoAuthenticator.serviceLoginFail=No puedo ingresar como director del servicio
spnegoAuthenticator.ticketValidateFail=No pude validar el billete suministrado por el cliente
diff --git a/java/org/apache/catalina/authenticator/LocalStrings_fr.properties b/java/org/apache/catalina/authenticator/LocalStrings_fr.properties
index b915647..58c8ae2 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings_fr.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings_fr.properties
@@ -14,12 +14,55 @@
# limitations under the License.
authenticator.certificates=Aucune chaîne de certificat client (client certificate chain) dans cette requête
-authenticator.forbidden=L''accès à la ressource demandée a été interdit
-authenticator.formlogin=Référence directe à la form de connexion (form login page) invalide
-authenticator.invalid=Chaîne de certificat client invalide dans cette requête
-authenticator.keystore=Exception lors du chargement du référentiel de clefs (key store)
-authenticator.manager=Exception lors de l''initialisation des gestionnaires d''authentification (trust managers)
-authenticator.notAuthenticated=Erreur de configuration: Impossible de procéder à un contrôle d''accès sans un principal authentifié (authenticated principal)
+authenticator.check.authorize=Le nom d''utilisateur [{0}] obtenu à partir du connecteur est considéré comme de valide et de confiance, les rôles sont obtenus à partir du royaume
+authenticator.check.authorizeFail=Le royaume ne reconnait pas l''utilisateur [{0}], un principal a été crée avec ce nom mais sans rôles
+authenticator.check.found=Déjà authentifié [{0}]
+authenticator.check.sso=Pas d''authentification mais un session ID SSO [{0}] a été trouvé, nouvelle tentative d''authentification
+authenticator.formlogin=Référence directe au formulaire de connexion (form login page) invalide
+authenticator.loginFail=Échec de connexion ("Login failed")
+authenticator.manager=Exception lors de l'initialisation des gestionnaires d'authentification (trust managers)
+authenticator.noAuthHeader=Aucun en-tête d'autorisation envoyé par le client
authenticator.notContext=Erreur de configuration: Doit être attaché à un contexte
-authenticator.unauthorized=Impossible d''authentifier avec les crédits fournis (provided credentials)
-authenticator.userDataConstraint=Cette requête viole une contrainte donnée utilisateur (user data constraint) pour cette application
+authenticator.requestBodyTooBig=Le corps de la requête était trop grand pour être mis en cache pendant le processus d'authentification
+authenticator.sessionExpired=Le temps alloué au processus de login est échu. Si vous désirez continuer, veuillez soit retourner en arrière 2 fois et recliquer le lien demandé, soit fermer et ré-ouvrir votre navigateur
+authenticator.tomcatPrincipalLogoutFail=La déconnection avec l'instance de TomcatPrincipal a échoué
+authenticator.unauthorized=Impossible d'authentifier avec les crédits fournis (provided credentials)
+
+basicAuthenticator.invalidCharset=Les seules valeurs permises sont null, la chaîne vide, ou des caractères UTF-8
+
+digestAuthenticator.cacheRemove=Une entrée valide du cache de nonce des clients a été enlevée pour faire de la place pour de nouvelles entrées, ce qui rend possible une attaque par répétition; pour éviter cela, il est possible de reduire nonceValidity ou d'augmenter nonceCacheSize; les avertissements de ce type ne se reproduiront pas avant 5 minutes
+
+formAuthenticator.forwardErrorFail=Erreur inattendue lors de la transmission à la page d'erreur
+formAuthenticator.forwardLogin=Transmission de la requête pour [{0}] faite avec la méthode [{1}] à la page de connection [{2}] du contexte [{3}] en utilisant la méthode GET
+formAuthenticator.forwardLoginFail=Erreur inattendue lors de la transmission à la page de connection
+formAuthenticator.noErrorPage=Aucune page d''erreur n''a été définie pour la méthode d''authentification FORM dans le contexte [{0}]
+formAuthenticator.noLoginPage=Aucune page de connection n''a été définie pour la méthode d''authentification FORM dans le contexte [{0}]
+
+singleSignOn.debug.associate=Association de la session [{1}] de l''application avec la session SSO [{0}]
+singleSignOn.debug.associateFail=Le SSO n''a pu associer la session [{0}] de l''application car la session SSO [{1}] n''existe pas
+singleSignOn.debug.cookieCheck=Le SSO recherche un cookie SSO.
+singleSignOn.debug.cookieNotFound=Le SSO n'a pas trouvé de cookie SSO
+singleSignOn.debug.deregister=Le SSO expire la session [{0}] de l''application associée à la session SSO [{1}]
+singleSignOn.debug.deregisterFail=Le SSO n''a pu déenregistrer la session SSO [{0}] parce qu''elle n''est pas dans le cache
+singleSignOn.debug.deregisterNone=Le SSO a désenregistré la session SSO [{0}] mais n''a trouvé aucune session d''application associée
+singleSignOn.debug.hasPrincipal=Le SSO a trouvé un principal [{0}] précédemment authentifié
+singleSignOn.debug.invoke=Le SSO traite la requête pour [{0}]
+singleSignOn.debug.principalCheck=Le SSO recherche le Principal en cache pour la session SSO [{0}]
+singleSignOn.debug.principalFound=Le SSO a trouvé en cache le Principal [{0}] avec le type d''authentification [{1}]
+singleSignOn.debug.principalNotFound=Le SSO n''a pas trouvé de principal en cache, le cookie SSO de la session [{0}] est effacé
+singleSignOn.debug.register=Enregistrement de la session SSO [{0}] pour l''utilisateur [{1}] avec le type d''authentification [{2}]
+singleSignOn.debug.removeSession=Le SSO retire la session applicative [{0}] de la session SSO [{1}]
+singleSignOn.debug.sessionLogout=Le SSO effectue une déconnection pour la session SSO [{0}] et la session [{1}] de l''application
+singleSignOn.debug.sessionTimeout=Le SSO traite un timeout pour la session SSO [{0}] et la session [{1}] de l''application
+singleSignOn.debug.update=Le SSO met à jour la session SSO [{0}] avec le type d''authentification [{1}]
+singleSignOn.sessionExpire.contextNotFound=Le SSO n''a pu faire expirer la session [{0}] parce que le contexte n''a pas été trouvé
+singleSignOn.sessionExpire.engineNull=Le SSO n''a pu faire expirer la session [{0}] parce que le moteur est null
+singleSignOn.sessionExpire.hostNotFound=SSO ne peut pas expirer le session [{0}] parce l''hôte ("Host") n''a a pas été trouvé
+singleSignOn.sessionExpire.managerError=Impossible d''expirer la session [{0}] parce que le Manager a lancé une exception lors de la recherche de la session
+singleSignOn.sessionExpire.managerNotFound=Le SSO n''a pu faire expirer la session [{0}] parce que le gestionnaire de sessions n''a pas été trouvé
+singleSignOn.sessionExpire.sessionNotFound=Impossible d''expirer la session [{0}] parce que la session n''a pas été trouvée
+
+spnegoAuthenticator.authHeaderNoToken=L'en-tête de négociation d’autorisation ("Negotiate authorization header") envoyé par le client n'incluait pas de jeton ("token")
+spnegoAuthenticator.authHeaderNotNego=L'en-tête d'autorisation envoyé par le client ne commence pas par Negotiate
+spnegoAuthenticator.serviceLoginFail=Impossible de se connecteur en tant que principal de service
+spnegoAuthenticator.ticketValidateFail=Impossible de valider le ticket fourni par le client
diff --git a/java/org/apache/catalina/authenticator/LocalStrings_ja.properties b/java/org/apache/catalina/authenticator/LocalStrings_ja.properties
index 593d531..0726b01 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings_ja.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings_ja.properties
@@ -14,13 +14,55 @@
# limitations under the License.
authenticator.certificates=このリクエストにはクライアント認証チェーンがありません
-authenticator.forbidden=リクエストされたリソースへのアクセスが拒否されました
+authenticator.check.authorize=Connector から取得したユーザー名 [{0}] を正当なものとして信頼します。ユーザーのロールは Tomcat Realmから取得します。
+authenticator.check.authorizeFail=Realm がユーザー[{0}]を認識しませんでした。 その名前とロールのないプリンシパルを作成します。
+authenticator.check.found=既に認証された[{0}]
+authenticator.check.sso=認証されていませんが、SSOセッションID [{0}]が見つかりました。 再認証を試みます。
authenticator.formlogin=フォームログインページへの無効な直接参照です
-authenticator.invalid=このリクエストに無効なクライアント認証チェーンがあります
-authenticator.keystore=キーストアをロード中の例外です
+authenticator.loginFail=ログイン失敗
authenticator.manager=トラストマネージャを初期化中の例外です
-authenticator.notAuthenticated=設定エラー: 認証された主体なしにアクセス制御を実行できません
+authenticator.noAuthHeader=クライアントは認証ヘッダーを送信しませんでした。
authenticator.notContext=設定エラー: コンテキストに指定しなければいけません
+authenticator.requestBodyTooBig=認証処理中にリクエストボディが大きすぎてキャッシュされませんでした。
authenticator.sessionExpired=ログインプロセスに認められていた時間が過ぎました。継続したいならば,バックボタンを2度押してから再度リンクを押すか,ブラウザを立ち上げ直してください
-authenticator.unauthorized=用意された証明書で認証できません
-authenticator.userDataConstraint=このリクエストは、このアプリケーションのユーザデータの制限に違反しています
+authenticator.tomcatPrincipalLogoutFail=TomcatPrincipal インスタンスによるログアウトが失敗しました。
+authenticator.unauthorized=提供された証明書で認証できません
+
+basicAuthenticator.invalidCharset=指定できる値は、null、空の文字列またはUTF-8です。
+
+digestAuthenticator.cacheRemove=有効なエントリがクライアントのnonceキャッシュから削除され、新しいエントリのためのスペースが確保されました。 リプレイ攻撃が可能になりました。 リプレイ攻撃の可能性を防ぐには、nonceValidityを減らすか、nonceCacheSizeを増やしてください。 このタイプの警告は5分間表示されなくなります。
+
+formAuthenticator.forwardErrorFail=予期せぬ異常によりエラーページへ転送します。
+formAuthenticator.forwardLogin=リクエストメソッドGETを使用してコンテキスト[{3}]のページ[{2}]にメソッド[{1}]で行われた[{0}]の要求をフォワードします。
+formAuthenticator.forwardLoginFail=ログインページへの転送での予期しないエラー
+formAuthenticator.noErrorPage=コンテキスト[{0}]のFORM認証にエラーページが定義されていません
+formAuthenticator.noLoginPage=コンテキスト[{0}]のFORM認証にログインページが定義されていません。
+
+singleSignOn.debug.associate=SSOはアプリケーションセッション[{1}]をSSOセッション[{0}]に関連付けます
+singleSignOn.debug.associateFail=SSOセッション[{1}]が存在しないため、SSOはアプリケーションセッション[{0}]を関連付けられませんでした。
+singleSignOn.debug.cookieCheck=SSOがSSOクッキーをチェックします
+singleSignOn.debug.cookieNotFound=SSOはSSO Cookieを検出しませんでした。
+singleSignOn.debug.deregister=SSOセッション[{1}]に関連付けられたアプリケーションセッション[{0}]を期限切れにします。
+singleSignOn.debug.deregisterFail=キャッシュにないため、SSOセッション[{0}]の登録を解除できませんでした。
+singleSignOn.debug.deregisterNone=SSOセッション[{0}]の登録を解除しましたが、関連するアプリケーションセッションが見つかりませんでした。
+singleSignOn.debug.hasPrincipal=SSOが以前に認証されたプリンシパル[{0}]を検出しました
+singleSignOn.debug.invoke=[{0}]に対するSSO処理リクエスト
+singleSignOn.debug.principalCheck=SSOセッションのキャッシュされたプリンシパルを探すSSO [{0}]
+singleSignOn.debug.principalFound=SSO のキャッシュされたプリンシパル [{0}] を取得しました。認証タイプは [{1}] です。
+singleSignOn.debug.principalNotFound=SSOはキャッシュされたプリンシパルを検出しませんでした。 セッション[{0}]のSSO Cookieを消去しています。
+singleSignOn.debug.register=認証タイプ[{2}]のユーザー[{1}]のSSOセッション[{0}]を登録しているSSO
+singleSignOn.debug.removeSession=SSOセッション[{1}]からのアプリケーションセッション[{0}]の削除
+singleSignOn.debug.sessionLogout=SSOセッション[{0}]とアプリケーションセッション[{1}]のログアウトを処理するSSO。
+singleSignOn.debug.sessionTimeout=SSOはSSOセッション[{0}]とアプリケーションセッション[{1}]のタイムアウト処理中
+singleSignOn.debug.update=SSOはSSOセッション[{0}]を認証タイプ[{1}]に更新します。
+singleSignOn.sessionExpire.contextNotFound=Contextが見つからないため、SSOはセッション[{0}]を期限切れにできません
+singleSignOn.sessionExpire.engineNull=Engine がNullだったため、SSOはセッション[{0}]を期限切れにできません。
+singleSignOn.sessionExpire.hostNotFound=ホストが見つからないため SSO セッション [{0}] を失効できません。
+singleSignOn.sessionExpire.managerError=セッションを検索するときにManagerが例外をスローしたため、SSOはセッション[{0}]を期限切れにできません
+singleSignOn.sessionExpire.managerNotFound=Managerが見つからなかったので、SSOはセッション[{0}]を期限切れにできません。
+singleSignOn.sessionExpire.sessionNotFound=セッションが見つかりませんでしたので、SSOはセッション[{0}]を期限切れにできません。
+
+spnegoAuthenticator.authHeaderNoToken=クライアントから受信した Negoiate 認証ヘッダにはトークンがありません。
+spnegoAuthenticator.authHeaderNotNego=クライアントから受信した認証ヘッダーは Negotiate から始まっていません。
+spnegoAuthenticator.serviceLoginFail=サービスプリンシパルとしてログインできません
+spnegoAuthenticator.ticketValidateFail=クライアント提供のチケットの検証に失敗しました。
diff --git a/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java b/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
index d03a95e..615c812 100644
--- a/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.authenticator;
-
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
@@ -35,8 +32,7 @@ import org.apache.catalina.deploy.LoginConfig;
* @author Craig R. McClanahan
*/
-public final class NonLoginAuthenticator
- extends AuthenticatorBase {
+public final class NonLoginAuthenticator extends AuthenticatorBase {
// ----------------------------------------------------- Instance Variables
@@ -80,7 +76,7 @@ public final class NonLoginAuthenticator
* Therefore, it is necessary to always return <code>true</code> to
* indicate the user has not failed authentication.</p>
*
- * <p>There are two cases:
+ * <p>There are two cases:</p>
* <ul>
* <li>without SingleSignon: a Session instance does not yet exist
* and there is no <code>auth-method</code> to authenticate the
@@ -98,7 +94,7 @@ public final class NonLoginAuthenticator
* keep the SSOE "alive", even if all the other properly
* authenticated Sessions expire first... until it expires too.
* </li>
- * </ul></p>
+ * </ul>
*
* @param request Request we are processing
* @param response Response we are creating
diff --git a/java/org/apache/catalina/authenticator/SSLAuthenticator.java b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
index 20e6909..a18eda2 100644
--- a/java/org/apache/catalina/authenticator/SSLAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SSLAuthenticator.java
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.authenticator;
-
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
@@ -37,14 +34,11 @@ import org.apache.catalina.deploy.LoginConfig;
*
* @author Craig R. McClanahan
*/
-
-public class SSLAuthenticator
- extends AuthenticatorBase {
+public class SSLAuthenticator extends AuthenticatorBase {
// ------------------------------------------------------------- Properties
-
/**
* Descriptive information about this implementation.
*/
@@ -65,7 +59,6 @@ public class SSLAuthenticator
// --------------------------------------------------------- Public Methods
-
/**
* Authenticate the user by checking for the existence of a certificate
* chain, validating it against the trust manager for the connector and then
@@ -97,14 +90,16 @@ public class SSLAuthenticator
}
// Retrieve the certificate chain for this client
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug(" Looking up certificates");
+ }
X509Certificate certs[] = getRequestCertificates(request);
if ((certs == null) || (certs.length < 1)) {
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug(" No certificates included with this request");
+ }
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
sm.getString("authenticator.certificates"));
return false;
@@ -113,17 +108,18 @@ public class SSLAuthenticator
// Authenticate the specified certificate chain
Principal principal = context.getRealm().authenticate(certs);
if (principal == null) {
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug(" Realm.authenticate() returned false");
+ }
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
sm.getString("authenticator.unauthorized"));
- return (false);
+ return false;
}
// Cache the principal (if requested) and record this authentication
register(request, response, principal,
HttpServletRequest.CLIENT_CERT_AUTH, null, null);
- return (true);
+ return true;
}
diff --git a/java/org/apache/catalina/authenticator/SavedRequest.java b/java/org/apache/catalina/authenticator/SavedRequest.java
index 3899e17..36f4eb8 100644
--- a/java/org/apache/catalina/authenticator/SavedRequest.java
+++ b/java/org/apache/catalina/authenticator/SavedRequest.java
@@ -22,7 +22,9 @@ package org.apache.catalina.authenticator;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Locale;
+import java.util.Map;
import javax.servlet.http.Cookie;
@@ -42,32 +44,30 @@ import org.apache.tomcat.util.buf.ByteChunk;
*/
public final class SavedRequest {
-
/**
* The set of Cookies associated with this Request.
*/
- private ArrayList<Cookie> cookies = new ArrayList<Cookie>();
+ private final List<Cookie> cookies = new ArrayList<Cookie>();
public void addCookie(Cookie cookie) {
cookies.add(cookie);
}
public Iterator<Cookie> getCookies() {
- return (cookies.iterator());
+ return cookies.iterator();
}
/**
* The set of Headers associated with this Request. Each key is a header
- * name, while the value is a ArrayList containing one or more actual
+ * name, while the value is a List containing one or more actual
* values for this header. The values are returned as an Iterator when
* you ask for them.
*/
- private HashMap<String,ArrayList<String>> headers =
- new HashMap<String,ArrayList<String>>();
+ private Map<String,List<String>> headers = new HashMap<String,List<String>>();
public void addHeader(String name, String value) {
- ArrayList<String> values = headers.get(name);
+ List<String> values = headers.get(name);
if (values == null) {
values = new ArrayList<String>();
headers.put(name, values);
@@ -76,29 +76,29 @@ public final class SavedRequest {
}
public Iterator<String> getHeaderNames() {
- return (headers.keySet().iterator());
+ return headers.keySet().iterator();
}
public Iterator<String> getHeaderValues(String name) {
- ArrayList<String> values = headers.get(name);
+ List<String> values = headers.get(name);
if (values == null)
- return ((new ArrayList<String>()).iterator());
+ return (new ArrayList<String>()).iterator();
else
- return (values.iterator());
+ return values.iterator();
}
/**
* The set of Locales associated with this Request.
*/
- private ArrayList<Locale> locales = new ArrayList<Locale>();
+ private final List<Locale> locales = new ArrayList<Locale>();
public void addLocale(Locale locale) {
locales.add(locale);
}
public Iterator<Locale> getLocales() {
- return (locales.iterator());
+ return locales.iterator();
}
@@ -108,7 +108,7 @@ public final class SavedRequest {
private String method = null;
public String getMethod() {
- return (this.method);
+ return this.method;
}
public void setMethod(String method) {
@@ -122,7 +122,7 @@ public final class SavedRequest {
private String queryString = null;
public String getQueryString() {
- return (this.queryString);
+ return this.queryString;
}
public void setQueryString(String queryString) {
@@ -136,7 +136,7 @@ public final class SavedRequest {
private String requestURI = null;
public String getRequestURI() {
- return (this.requestURI);
+ return this.requestURI;
}
public void setRequestURI(String requestURI) {
@@ -151,7 +151,7 @@ public final class SavedRequest {
private String decodedRequestURI = null;
public String getDecodedRequestURI() {
- return (this.decodedRequestURI);
+ return this.decodedRequestURI;
}
public void setDecodedRequestURI(String decodedRequestURI) {
@@ -165,7 +165,7 @@ public final class SavedRequest {
private ByteChunk body = null;
public ByteChunk getBody() {
- return (this.body);
+ return this.body;
}
public void setBody(ByteChunk body) {
@@ -178,7 +178,7 @@ public final class SavedRequest {
private String contentType = null;
public String getContentType() {
- return (this.contentType);
+ return this.contentType;
}
public void setContentType(String contentType) {
diff --git a/java/org/apache/catalina/authenticator/SingleSignOn.java b/java/org/apache/catalina/authenticator/SingleSignOn.java
index ea13476..dbc158a 100644
--- a/java/org/apache/catalina/authenticator/SingleSignOn.java
+++ b/java/org/apache/catalina/authenticator/SingleSignOn.java
@@ -72,7 +72,7 @@ public class SingleSignOn extends ValveBase {
}
}
- private static final StringManager sm = StringManager.getManager(Constants.Package);
+ private static final StringManager sm = StringManager.getManager(SingleSignOn.class);
/* The engine at the top of the container hierarchy in which this SSO Valve
* has been placed. It is used to get back to a session object from a
@@ -635,7 +635,7 @@ public class SingleSignOn extends ValveBase {
while (c != null && !(c instanceof Engine)) {
c = c.getParent();
}
- if (c instanceof Engine) {
+ if (c != null) {
engine = (Engine) c;
}
super.startInternal();
diff --git a/java/org/apache/catalina/authenticator/SingleSignOnEntry.java b/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
index 3a1b4dd..c0f6bb9 100644
--- a/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
+++ b/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
@@ -86,6 +86,7 @@ public class SingleSignOnEntry implements Serializable {
*
* @param sso The <code>SingleSignOn</code> valve that is managing
* the SSO session.
+ * @param ssoId The ID of the SSO session.
* @param session The <code>Session</code> being associated with the SSO.
*/
public void addSession(SingleSignOn sso, String ssoId, Session session) {
diff --git a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
index aa9fe03..ada38e3 100644
--- a/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
@@ -47,7 +47,6 @@ import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
-
/**
* A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java
* 6. Successful Kerberos authentication depends on the correct configuration of
@@ -58,6 +57,7 @@ import org.ietf.jgss.Oid;
public class SpnegoAuthenticator extends AuthenticatorBase {
private final Log log = LogFactory.getLog(SpnegoAuthenticator.class); // must not be static
+ private static final String AUTH_HEADER_VALUE_NEGOTIATE = "Negotiate";
private String loginConfigName = Constants.DEFAULT_LOGIN_MODULE_NAME;
public String getLoginConfigName() {
@@ -157,7 +157,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
if (log.isDebugEnabled()) {
log.debug(sm.getString("authenticator.noAuthHeader"));
}
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
@@ -170,7 +170,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
log.debug(sm.getString(
"spnegoAuthenticator.authHeaderNotNego"));
}
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
@@ -190,7 +190,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
log.debug(sm.getString(
"spnegoAuthenticator.authHeaderNoToken"));
}
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
@@ -243,7 +243,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
"spnegoAuthenticator.ticketValidateFail"));
}
// Start again
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
@@ -255,7 +255,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
if (log.isDebugEnabled()) {
log.debug(sm.getString("spnegoAuthenticator.ticketValidateFail"), e);
}
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
} catch (PrivilegedActionException e) {
@@ -267,7 +267,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
} else {
log.error(sm.getString("spnegoAuthenticator.serviceLoginFail"), e);
}
- response.setHeader("WWW-Authenticate", "Negotiate");
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
} finally {
@@ -288,7 +288,7 @@ public class SpnegoAuthenticator extends AuthenticatorBase {
}
// Send response token on success and failure
- response.setHeader("WWW-Authenticate", "Negotiate "
+ response.setHeader(AUTH_HEADER_NAME, AUTH_HEADER_VALUE_NEGOTIATE + " "
+ Base64.encodeBase64String(outToken));
if (principal != null) {
diff --git a/java/org/apache/catalina/authenticator/mbeans-descriptors.xml b/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
index c07c26e..de95ae4 100644
--- a/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
diff --git a/java/org/apache/catalina/authenticator/package.html b/java/org/apache/catalina/authenticator/package.html
index 5e8736d..15b04ff 100644
--- a/java/org/apache/catalina/authenticator/package.html
+++ b/java/org/apache/catalina/authenticator/package.html
@@ -48,7 +48,7 @@ following JavaBeans properties (with default values in square brackets):</p>
<li><b>DigestAuthenticator</b> - Implements HTTP DIGEST authentication, as
described in RFC 2617.</li>
<li><b>FormAuthenticator</b> - Implements FORM-BASED authentication, as
- described in the Servlet API Specification, version 2.2.</li>
+ described in the Servlet API Specification.</li>
</ul>
</body>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org