Posted to dev@tomcat.apache.org by cr...@locus.apache.org on 2000/04/13 03:45:57 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets AuthServlet.java DefaultErrorPage.java
craigmcc 00/04/12 18:45:56
Modified: src/share/org/apache/tomcat/core ContextManager.java
HttpServletResponseFacade.java
src/share/org/apache/tomcat/servlets AuthServlet.java
DefaultErrorPage.java
Log:
Fix a bug where BASIC authentication fails to trigger the pop-up
dialog box for username and password on IE. This bug was introduced
by my previous fix to HttpServletResponseFacade.java to make it reset
the response inside sendError() and sendRedirect(). Unfortunately,
due to the way Tomcat is currently structured, this caused the
"WWW-Authenticate" message containing the challenge to be erased.
Netscape Navigator saw the 401 (Unauthorized) error, and popped up a
dialog box anyway, with an "unknown" realm. However, IE didn't see
a "WWW-Authenticate" so it didn't do anything.
The workaround in this patch is to NOT reset the response if sendError
is called with a status code of 401. I've been staring at this code for
three hours, and cannot see any other way short of a major restructuring
to get around this problem differently.
Revision Changes Path
1.69 +1 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ContextManager.java 2000/04/06 21:14:45 1.68
+++ ContextManager.java 2000/04/13 01:45:54 1.69
@@ -736,6 +736,7 @@
errorServlet.handleRequest(req.getFacade(),res.getFacade());
// will call this if any error happens
}
+
return;
}
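Review bot: the only change in this hunk is a blank line added before `return;`, which has nothing to do with the 401 handling described in the log. The same is true of the blank-line-only hunks in AuthServlet.java and DefaultErrorPage.java. Suggest dropping these from the commit, or committing whitespace cleanups separately, so the diff for the authentication fix contains only the behavioural change in HttpServletResponseFacade.java.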
1.10 +4 -4 jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java
Index: HttpServletResponseFacade.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- HttpServletResponseFacade.java 2000/04/08 00:02:18 1.9
+++ HttpServletResponseFacade.java 2000/04/13 01:45:54 1.10
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.9 2000/04/08 00:02:18 craigmcc Exp $
- * $Revision: 1.9 $
- * $Date: 2000/04/08 00:02:18 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.10 2000/04/13 01:45:54 craigmcc Exp $
+ * $Revision: 1.10 $
+ * $Date: 2000/04/13 01:45:54 $
*
* ====================================================================
*
@@ -155,7 +155,7 @@
public void sendError(int sc, String msg) throws IOException {
if (isCommitted())
throw new IllegalStateException(sm.getString("hsrf.error.ise"));
- else
+ else if (sc != HttpServletResponse.SC_UNAUTHORIZED) // CRM: FIXME
reset();
setStatus( sc );
Request request=response.getRequest();
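Review bot: in sendError(), the new `else if (sc != HttpServletResponse.SC_UNAUTHORIZED)` branch skips reset() entirely for a 401, so everything the caller had already placed on the uncommitted response is kept, not only the "WWW-Authenticate" challenge the log message is concerned with. A narrower change would still call reset() and then restore just the challenge header before `setStatus( sc )`, so that a 401 response carries no more leftover state than any other error response. The `// CRM: FIXME` marker should also say what remains to be fixed (the reset-versus-challenge ordering described in the commit log), and braces around the if/else chain would make it obvious that `setStatus( sc )` runs on every non-committed path.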
1.6 +1 -0 jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java
Index: AuthServlet.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- AuthServlet.java 2000/04/07 22:59:02 1.5
+++ AuthServlet.java 2000/04/13 01:45:55 1.6
@@ -81,6 +81,7 @@
Request req=((HttpServletRequestFacade)request).getRealRequest();
Context ctx=req.getContext();
String realm=ctx.getRealmName();
+
if( "EXPERIMENTAL_FORM".equals( ctx.getAuthMethod() )) {
// the code is not uglier that the spec, we are just implementing it.
// if you don't understand what's here - you're not alone !
1.9 +3 -0 jakarta-tomcat/src/share/org/apache/tomcat/servlets/DefaultErrorPage.java
Index: DefaultErrorPage.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/servlets/DefaultErrorPage.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- DefaultErrorPage.java 2000/04/05 02:52:16 1.8
+++ DefaultErrorPage.java 2000/04/13 01:45:56 1.9
@@ -109,6 +109,7 @@
// -------------------- Default error page --------------------
private void sendPrivateError(Request request, Response response, int sc, String msg) throws IOException {
+
response.setContentType("text/html");
response.setStatus( sc );
@@ -135,7 +136,9 @@
// -------------------- Redirect page --------------------
public void redirect(Request request, Response response, String location) throws IOException {
+
location = makeAbsolute(request, location);
+
response.setContentType("text/html"); // ISO-8859-1 default
response.setHeader("Location", location);
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets
AuthServlet.java DefaultErrorPage.java
Posted by Hans Bergsten <ha...@gefionsoftware.com>.
craigmcc@locus.apache.org wrote:
>
> craigmcc 00/04/12 18:45:56
>
> Modified: src/share/org/apache/tomcat/core ContextManager.java
> HttpServletResponseFacade.java
> src/share/org/apache/tomcat/servlets AuthServlet.java
> DefaultErrorPage.java
> Log:
> Fix a bug where BASIC authentication fails to trigger the pop-up
> dialog box for username and password on IE. This bug was introduced
> by my previous fix to HttpServletResponseFacade.java to make it reset
> the response inside sendError() and sendRedirect(). Unfortunately,
> due to the way Tomcat is currently structured, this caused the
> "WWW-Authenticate" message containing the challenge to be erased.
>
> Netscape Navigator saw the 401 (Unauthorized) error, and popped up a
> dialog box anyway, with an "unknown" realm. However, IE didn't see
> a "WWW-Authenticate" so it didn't do anything.
>
> The workaround in this patch is to NOT reset the response if sendError
> is called with a status code of 401. I've been staring at this code for
> three hours, and cannot see any other way short of a major restructuring
> to get around this problem differently.
Should this fix be part of 3.1? I assume that the main branch is for the
next release now and 3.1 bug fixes must be committed to the tagged branch?
Hans
--
Hans Bergsten hans@gefionsoftware.com
Gefion Software http://www.gefionsoftware.com