Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/11 14:12:57 UTC
svn commit: r889606 - in
/tomcat/trunk/java/org/apache/catalina/authenticator:
FormAuthenticator.java LocalStrings.properties
Author: markt
Date: Fri Dec 11 13:12:57 2009
New Revision: 889606
URL: http://svn.apache.org/viewvc?rev=889606&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537
Return an error page if a forward during form auth fails rather than a zero length 200 response.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=889606&r1=889605&r2=889606&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Fri Dec 11 13:12:57 2009
@@ -30,6 +30,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Globals;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -307,16 +308,24 @@
* @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
+ * @throws IOException If the forward to the login page fails and the call
+ * to {@link HttpServletResponse#sendError(int, String)
+ * throws an {@link IOException}
*/
protected void forwardToLoginPage(Request request,
- HttpServletResponse response, LoginConfig config) {
+ HttpServletResponse response, LoginConfig config)
+ throws IOException {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
try {
disp.forward(request.getRequest(), response);
} catch (Throwable t) {
- log.warn("Unexpected error forwarding to login page", t);
+ String msg = sm.getString("formAuthenticator.forwardLoginFail");
+ log.warn(msg, t);
+ request.setAttribute(Globals.EXCEPTION_ATTR, t);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ msg);
}
}
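Review bot: The `response.sendError(...)` call in the new catch block is not guarded against a response that the failed forward has already committed. In that case the Servlet API specifies that `sendError` throws `IllegalStateException`, which would escape the handler instead of the declared `IOException`. Wrapping it as `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, msg); }` leaves the logged warning as the fallback when nothing more can be written. The same unguarded call is added to `forwardToErrorPage` in the next hunk. The Javadoc for this method opens above the hunk, so only its tail is visible here.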
@@ -328,16 +337,24 @@
* @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
+ * @throws IOException If the forward to the error page fails and the call
+ * to {@link HttpServletResponse#sendError(int, String)
+ * throws an {@link IOException}
*/
protected void forwardToErrorPage(Request request,
- HttpServletResponse response, LoginConfig config) {
+ HttpServletResponse response, LoginConfig config)
+ throws IOException {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getErrorPage());
try {
disp.forward(request.getRequest(), response);
} catch (Throwable t) {
- log.warn("Unexpected error forwarding to error page", t);
+ String msg = sm.getString("formAuthenticator.forwardErrorFail");
+ log.warn(msg, t);
+ request.setAttribute(Globals.EXCEPTION_ATTR, t);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ msg);
}
}
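Review bot: Storing the caught throwable with `request.setAttribute(Globals.EXCEPTION_ATTR, t)` happens on the form-login path, before the caller is authenticated, so anything the downstream error handling renders from that attribute is shown to anonymous clients; the same line is added in `forwardToLoginPage`. If the container's default error report prints the attached exception and its stack trace (not visible in this diff, so worth confirming), deployments without a custom 500 page would disclose internal class names and paths. A comment such as `// Exposed to error pages; reached pre-authentication, so error pages must not print it` would document the expectation, or the attribute could be omitted, since `log.warn(msg, t)` already records the cause. Separately, the added `@throws` text opens `{@link HttpServletResponse#sendError(int, String)` without the closing `}` in both methods.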
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=889606&r1=889605&r2=889606&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Fri Dec 11 13:12:57 2009
@@ -27,3 +27,6 @@
authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
authenticator.unauthorized=Cannot authenticate with the provided credentials
authenticator.userDataConstraint=This request violates a User Data constraint for this application
+
+formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
+formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page