You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2022/11/17 10:18:32 UTC
[tomcat] branch 10.1.x updated: Improve the behavior of the credential handler attribute
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 5838094134 Improve the behavior of the credential handler attribute
5838094134 is described below
commit 58380941342bd42eaa8a6bbed43835d7a6401a6c
Author: remm <re...@apache.org>
AuthorDate: Thu Nov 17 11:14:56 2022 +0100
Improve the behavior of the credential handler attribute
This will now set a Servlet context attribute if a Realm is used by the
Context. Also CombinedRealm get a credential handler that will produce
results by asking the nested realms.
---
java/org/apache/catalina/core/StandardContext.java | 9 ++++--
java/org/apache/catalina/realm/CombinedRealm.java | 35 ++++++++++++++++++++++
webapps/docs/changelog.xml | 5 ++++
3 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
index 2028d76f00..a38214cca8 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -5034,23 +5034,26 @@ public class StandardContext extends ContainerBase
getLogger();
Realm realm = getRealmInternal();
- if(null != realm) {
+ if (null != realm) {
if (realm instanceof Lifecycle) {
((Lifecycle) realm).start();
}
+ }
+ realm = getRealm();
+ if (null != realm) {
// Place the CredentialHandler into the ServletContext so
// applications can have access to it. Wrap it in a "safe"
// handler so application's can't modify it.
CredentialHandler safeHandler = new CredentialHandler() {
@Override
public boolean matches(String inputCredentials, String storedCredentials) {
- return getRealmInternal().getCredentialHandler().matches(inputCredentials, storedCredentials);
+ return getRealm().getCredentialHandler().matches(inputCredentials, storedCredentials);
}
@Override
public String mutate(String inputCredentials) {
- return getRealmInternal().getCredentialHandler().mutate(inputCredentials);
+ return getRealm().getCredentialHandler().mutate(inputCredentials);
}
};
context.setAttribute(Globals.CREDENTIAL_HANDLER, safeHandler);
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java
index 573441f79c..eaf46cecd1 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -253,6 +253,12 @@ public class CombinedRealm extends RealmBase {
}
}
}
+
+ if (getCredentialHandler() == null) {
+ // Set a credential handler that will ask the nested realms so that it can
+ // be set by the context in the attributes, it won't be used directly
+ super.setCredentialHandler(new CombinedRealmCredentialHandler());
+ }
super.startInternal();
}
@@ -469,4 +475,33 @@ public class CombinedRealm extends RealmBase {
log.warn(sm.getString("combinedRealm.setCredentialHandler"));
super.setCredentialHandler(credentialHandler);
}
+
+ private class CombinedRealmCredentialHandler implements CredentialHandler {
+
+ @Override
+ public boolean matches(String inputCredentials,
+ String storedCredentials) {
+ for (Realm realm : realms) {
+ if (realm.getCredentialHandler().matches(inputCredentials, storedCredentials)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public String mutate(String inputCredentials) {
+ if (realms.isEmpty()) {
+ return null;
+ }
+ for (Realm realm : realms) {
+ String mutatedCredentials = realm.getCredentialHandler().mutate(inputCredentials);
+ if (mutatedCredentials != null) {
+ return mutatedCredentials;
+ }
+ }
+ return null;
+ }
+
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 26d06bb7bd..4d89fe541c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,11 @@
on the migration tool for Jakarta EE if configured to use the converter
as classes are loaded. (markt)
</fix>
+ <fix>
+ Improve the behavior of the credential handler attribute that is set in
+ the Servlet context so that it actually reflects what is used during
+ authentication. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org