Posted to dev@tomcat.apache.org by ma...@apache.org on 2005/01/07 11:06:38 UTC
cvs commit: jakarta-tomcat-catalina/webapps/docs/config valve.xml
markt 2005/01/07 02:06:38
Modified: catalina/src/share/org/apache/catalina/authenticator
FormAuthenticator.java
catalina/src/share/org/apache/catalina/realm RealmBase.java
webapps/docs changelog.xml realm-howto.xml
webapps/docs/config valve.xml
Log:
Fix bug 31198. Support non-ASCII user names and passwords in FORM and
DIGEST authentication.
- Ported from TC4.
Revision Changes Path
1.15 +27 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- FormAuthenticator.java 27 Aug 2004 23:56:11 -0000 1.14
+++ FormAuthenticator.java 7 Jan 2005 10:06:38 -0000 1.15
@@ -65,6 +65,13 @@
protected static final String info =
"org.apache.catalina.authenticator.FormAuthenticator/1.0";
+ /**
+ * Character encoding to use to read the username and password parameters
+ * from the request. If not set, the encoding of the request body will be
+ * used.
+ */
+ protected String characterEncoding = null;
+
// ------------------------------------------------------------- Properties
@@ -79,6 +86,22 @@
}
+ /**
+ * Return the character encoding to use to read the username and password.
+ */
+ public String getCharacterEncoding() {
+ return characterEncoding;
+ }
+
+
+ /**
+ * Set the character encoding to be used to read the username and password.
+ */
+ public void setCharacterEncoding(String encoding) {
+ characterEncoding = encoding;
+ }
+
+
// --------------------------------------------------------- Public Methods
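Review bot: setCharacterEncoding() stores whatever string the configuration supplies, so a mistyped charset name is only discovered when a login request reaches `request.setCharacterEncoding(characterEncoding)` in the later hunk of this file. Checking the value when it is set would surface the mistake at configuration time, for example `if (encoding != null && !java.nio.charset.Charset.isSupported(encoding)) throw new IllegalArgumentException(encoding);` ahead of the assignment. The Javadoc on both accessors could also state that null means the request's own encoding is used, as the field comment already does.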
@@ -223,6 +246,9 @@
// Yes -- Validate the specified credentials and redirect
// to the error page if they are not correct
Realm realm = context.getRealm();
+ if (characterEncoding != null) {
+ request.setCharacterEncoding(characterEncoding);
+ }
String username = request.getParameter(Constants.FORM_USERNAME);
String password = request.getParameter(Constants.FORM_PASSWORD);
if (log.isDebugEnabled())
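Review bot: The added `request.setCharacterEncoding(characterEncoding)` call can only influence decoding if nothing has parsed the request parameters yet; if an earlier valve or filter has already read a parameter, the configured encoding is presumably ignored and the username and password are decoded with the previous charset without any error. A comment above the `if` would record that constraint, e.g. `// Must run before the first getParameter(); has no effect once parameters are parsed`. The call can also throw UnsupportedEncodingException for an unknown name, which would fail every form login, so it is worth confirming how the enclosing method reports that; the method starts and ends outside this hunk, as does the body of the debug statement on the last line.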
1.45 +21 -7 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index: RealmBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- RealmBase.java 9 Dec 2004 13:56:35 -0000 1.44
+++ RealmBase.java 7 Jan 2005 10:06:38 -0000 1.45
@@ -1135,8 +1135,10 @@
* @param credentials Password or other credentials to use in
* authenticating this username
* @param algorithm Algorithm used to do the digest
+ * @param encoding Character encoding of the string to digest
*/
- public final static String Digest(String credentials, String algorithm) {
+ public final static String Digest(String credentials, String algorithm,
+ String encoding) {
try {
// Obtain a new message digest with "digest" encryption
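Review bot: Replacing the public static `Digest(String, String)` signature with a three-argument one breaks any caller outside this file that still uses the two-argument form. Keeping the old signature as a thin overload preserves compatibility: `public final static String Digest(String credentials, String algorithm) { return Digest(credentials, algorithm, null); }`. The new `@param encoding` line should also say that null selects the platform default charset, since that is what the body does in the next hunk. The method body continues outside this hunk.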
@@ -1145,7 +1147,11 @@
// encode the credentials
// Should use the digestEncoding, but that's not a static field
- md.update(credentials.getBytes());
+ if (encoding == null) {
+ md.update(credentials.getBytes());
+ } else {
+ md.update(credentials.getBytes(encoding));
+ }
// Digest the credentials and return as hexadecimal
return (HexUtils.convert(md.digest()));
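Review bot: With `encoding == null` the digest is still computed from `credentials.getBytes()`, i.e. the JVM's default charset, so a stored digest for a non-ASCII password generated on one host can fail to match on a host with a different default. Nothing visible here ties this charset to the one the authenticator uses to decode the submitted credentials. The retained comment `Should use the digestEncoding, but that's not a static field` no longer describes the code and could become `// null encoding falls back to the platform default charset; callers should pass the realm's digest encoding`. `getBytes(encoding)` throws UnsupportedEncodingException for an unknown name, and the catch clause of the enclosing try is outside this hunk, so confirm that path reports an error rather than returning a value a caller could mistake for a digest.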
@@ -1164,14 +1170,22 @@
*/
public static void main(String args[]) {
- if(args.length > 2 && args[0].equalsIgnoreCase("-a")) {
- for(int i=2; i < args.length ; i++){
+ String encoding = null;
+ int firstCredentialArg = 2;
+
+ if (args.length > 4 && args[2].equalsIgnoreCase("-e")) {
+ encoding = args[3];
+ firstCredentialArg = 4;
+ }
+
+ if(args.length > firstCredentialArg && args[0].equalsIgnoreCase("-a")) {
+ for(int i=firstCredentialArg; i < args.length ; i++){
System.out.print(args[i]+":");
- System.out.println(Digest(args[i], args[1]));
+ System.out.println(Digest(args[i], args[1], encoding));
}
} else {
System.out.println
- ("Usage: RealmBase -a <algorithm> <credentials>");
+ ("Usage: RealmBase -a <algorithm> [-e <encoding>] <credentials>");
}
}
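Review bot: The `-e` test requires `args.length > 4`, so an invocation of the form `-a <algorithm> -e <encoding>` with no credentials skips the option branch, and the loop then digests the literal strings `-e` and the encoding name instead of printing the usage message. Using `if (args.length > 3 && args[2].equalsIgnoreCase("-e")) {` lets the following `args.length > firstCredentialArg` check reject that invocation. The loop also echoes each cleartext credential to stdout beside its digest (not changed by this commit), which deserves a sentence in main's Javadoc; that Javadoc begins above this hunk.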
1.213 +4 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.212
retrieving revision 1.213
diff -u -r1.212 -r1.213
--- changelog.xml 4 Jan 2005 17:20:24 -0000 1.212
+++ changelog.xml 7 Jan 2005 10:06:38 -0000 1.213
@@ -58,6 +58,10 @@
Feature addition to add Redirector and failOnError support for all Catalina Ant tasks,
submitted by Gabriele Garuglieri (remm)
</add>
+ <fix>
+ <bug>31198</bug>: Fix FORM and DIGEST authentication for non-ASCII
+ usernames and passwords. (markt)
+ </fix>
</changelog>
</subsection>
1.24 +9 -0 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml
Index: realm-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- realm-howto.xml 23 Nov 2004 23:14:09 -0000 1.23
+++ realm-howto.xml 7 Jan 2005 10:06:38 -0000 1.24
@@ -221,6 +221,15 @@
<code>$CATALINA_HOME/server/lib/catalina.jar</code> file will need to be
on your class path to make the <code>RealmBase</code> class available.</p>
+<p>Non-ASCII usernames and/or passwords are supported using
+<source>java org.apache.catalina.realm.RealmBase \
+ -a {algorithm} -e {encoding} {input}
+</source>
+but care is required to ensure that the non-ASCII input is
+correctly passed to the digester.
+The digester returns <code>{input}:{digest}</code>. If the input appears
+corrupted in the return, the digest will be invalid.</p>
+
</subsection>
1.12 +39 -0 jakarta-tomcat-catalina/webapps/docs/config/valve.xml
Index: valve.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/valve.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- valve.xml 25 Oct 2004 15:29:41 -0000 1.11
+++ valve.xml 7 Jan 2005 10:06:38 -0000 1.12
@@ -389,6 +389,45 @@
</section>
+<section name="Form Authenticator Valve">
+
+ <subsection name="Introduction">
+
+ <p>The <strong>Form Authenticator Valve</strong> is automatically added to
+ any <a href="context.html">Context</a> that is configured to use FORM
+ authentication.</p>
+
+ <p>If any non-default settings are required, the valve may be configured
+ within <a href="context.html">Context</a> element with the required
+ values.</p>
+
+ </subsection>
+
+ <subsection name="Attributes">
+
+ <p>The <strong>Form Authenticator Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <attributes>
+
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.FormAuthenticator</strong>.</p>
+ </attribute>
+
+ <attribute name="characterEncoding" required="false">
+ <p>Character encoding to use to read the username and password parameters
+ from the request. If not set, the encoding of the request body will be
+ used.</p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
+</section>
+
+
</body>