You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2022/11/17 10:27:53 UTC
[tomcat] branch 8.5.x updated: Improve the behavior of the credential handler attribute
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 18bb5ec0c7 Improve the behavior of the credential handler attribute
18bb5ec0c7 is described below
commit 18bb5ec0c7d8de4bedc8c9a37798e7f6713d24c2
Author: remm <re...@apache.org>
AuthorDate: Thu Nov 17 11:14:56 2022 +0100
Improve the behavior of the credential handler attribute
This will now set a Servlet context attribute if a Realm is used by the
Context. Also CombinedRealm get a credential handler that will produce
results by asking the nested realms.
---
java/org/apache/catalina/core/StandardContext.java | 9 ++++--
java/org/apache/catalina/realm/CombinedRealm.java | 35 ++++++++++++++++++++++
webapps/docs/changelog.xml | 9 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
index 2156995af9..1458b10c1e 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -5101,23 +5101,26 @@ public class StandardContext extends ContainerBase
getLogger();
Realm realm = getRealmInternal();
- if(null != realm) {
+ if (null != realm) {
if (realm instanceof Lifecycle) {
((Lifecycle) realm).start();
}
+ }
+ realm = getRealm();
+ if (null != realm) {
// Place the CredentialHandler into the ServletContext so
// applications can have access to it. Wrap it in a "safe"
// handler so application's can't modify it.
CredentialHandler safeHandler = new CredentialHandler() {
@Override
public boolean matches(String inputCredentials, String storedCredentials) {
- return getRealmInternal().getCredentialHandler().matches(inputCredentials, storedCredentials);
+ return getRealm().getCredentialHandler().matches(inputCredentials, storedCredentials);
}
@Override
public String mutate(String inputCredentials) {
- return getRealmInternal().getCredentialHandler().mutate(inputCredentials);
+ return getRealm().getCredentialHandler().mutate(inputCredentials);
}
};
context.setAttribute(Globals.CREDENTIAL_HANDLER, safeHandler);
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java
index dc2c23eaa5..0f5eca6158 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -260,6 +260,12 @@ public class CombinedRealm extends RealmBase {
}
}
}
+
+ if (getCredentialHandler() == null) {
+ // Set a credential handler that will ask the nested realms so that it can
+ // be set by the context in the attributes, it won't be used directly
+ super.setCredentialHandler(new CombinedRealmCredentialHandler());
+ }
super.startInternal();
}
@@ -492,4 +498,33 @@ public class CombinedRealm extends RealmBase {
log.warn(sm.getString("combinedRealm.setCredentialHandler"));
super.setCredentialHandler(credentialHandler);
}
+
+ private class CombinedRealmCredentialHandler implements CredentialHandler {
+
+ @Override
+ public boolean matches(String inputCredentials,
+ String storedCredentials) {
+ for (Realm realm : realms) {
+ if (realm.getCredentialHandler().matches(inputCredentials, storedCredentials)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public String mutate(String inputCredentials) {
+ if (realms.isEmpty()) {
+ return null;
+ }
+ for (Realm realm : realms) {
+ String mutatedCredentials = realm.getCredentialHandler().mutate(inputCredentials);
+ if (mutatedCredentials != null) {
+ return mutatedCredentials;
+ }
+ }
+ return null;
+ }
+
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 143f984f32..07ee06fe8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.85 (schultz)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Improve the behavior of the credential handler attribute that is set in
+ the Servlet context so that it actually reflects what is used during
+ authentication. (remm)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<scode>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org