You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/11 14:12:57 UTC

svn commit: r889606 - in /tomcat/trunk/java/org/apache/catalina/authenticator: FormAuthenticator.java LocalStrings.properties

Author: markt
Date: Fri Dec 11 13:12:57 2009
New Revision: 889606

URL: http://svn.apache.org/viewvc?rev=889606&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537
Return an error page if a forward during form auth fails rather than a zero length 200 response.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
    tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=889606&r1=889605&r2=889606&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Fri Dec 11 13:12:57 2009
@@ -30,6 +30,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.catalina.Globals;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -307,16 +308,24 @@
      * @param response Response we are populating
      * @param config    Login configuration describing how authentication
      *              should be performed
+     * @throws IOException  If the forward to the login page fails and the call
+     *                      to {@link HttpServletResponse#sendError(int, String)
+     *                      throws an {@link IOException}
      */
     protected void forwardToLoginPage(Request request,
-            HttpServletResponse response, LoginConfig config) {
+            HttpServletResponse response, LoginConfig config)
+            throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getLoginPage());
         try {
             disp.forward(request.getRequest(), response);
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to login page", t);
+            String msg = sm.getString("formAuthenticator.forwardLoginFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 
@@ -328,16 +337,24 @@
      * @param response Response we are populating
      * @param config    Login configuration describing how authentication
      *              should be performed
+     * @throws IOException  If the forward to the error page fails and the call
+     *                      to {@link HttpServletResponse#sendError(int, String)
+     *                      throws an {@link IOException}
      */
     protected void forwardToErrorPage(Request request,
-            HttpServletResponse response, LoginConfig config) {
+            HttpServletResponse response, LoginConfig config)
+            throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getErrorPage());
         try {
             disp.forward(request.getRequest(), response);
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to error page", t);
+            String msg = sm.getString("formAuthenticator.forwardErrorFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=889606&r1=889605&r2=889606&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Fri Dec 11 13:12:57 2009
@@ -27,3 +27,6 @@
 authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
 authenticator.unauthorized=Cannot authenticate with the provided credentials
 authenticator.userDataConstraint=This request violates a User Data constraint for this application
+
+formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
+formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org