Posted to dev@tomcat.apache.org by bi...@apache.org on 2005/11/22 06:06:44 UTC
svn commit: r348087 -
/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Author: billbarker
Date: Mon Nov 21 21:06:40 2005
New Revision: 348087
URL: http://svn.apache.org/viewcvs?rev=348087&view=rev
Log:
The rule is that you authenticate if *all* security-constraints include an auth-constraint. If you have a problem with this, take it up with the Servlet expert-group ;-).
Reported By: Nam T. Nguyen <Th...@borland.com>
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=348087&r1=348086&r2=348087&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Nov 21 21:06:40 2005
@@ -468,28 +468,33 @@
*/
return;
}
-
- for(i=0; i < constraints.length; i++) {
- // Authenticate based upon the specified login configuration
- if (constraints[i].getAuthConstraint()) {
+
+ // Since authenticate modifies the response on failure,
+ // we have to check for allow-from-all first.
+ boolean authRequired = true;
+ for(i=0; i < constraints.length && authRequired; i++) {
+ if(!constraints[i].getAuthConstraint()) {
+ authRequired = false;
+ }
+ }
+
+ if(authRequired) {
+ if (log.isDebugEnabled()) {
+ log.debug(" Calling authenticate()");
+ }
+ if (!authenticate(request, response, config)) {
if (log.isDebugEnabled()) {
- log.debug(" Calling authenticate()");
+ log.debug(" Failed authenticate() test");
}
- if (!authenticate(request, response, config)) {
- if (log.isDebugEnabled()) {
- log.debug(" Failed authenticate() test");
- }
- /*
- * ASSERT: Authenticator already set the appropriate
- * HTTP status code, so we do not have to do anything
- * special
- */
- return;
- } else {
- break;
- }
- }
+ /*
+ * ASSERT: Authenticator already set the appropriate
+ * HTTP status code, so we do not have to do anything
+ * special
+ */
+ return;
+ }
}
+
if (log.isDebugEnabled()) {
log.debug(" Calling accessControl()");
}
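Review bot: When `authRequired` ends up false the request goes straight to `accessControl()` with no authentication attempt, and the new block logs nothing on that path, so a debug trace cannot show why a constrained URL was served without a login. An else branch on `if(authRequired)` with `log.debug(" Not all constraints have an auth-constraint, skipping authenticate()");` would make the decision auditable. The comment above the loop should also state that a request matching both an empty (deny-all) auth-constraint and a constraint with no auth-constraint takes this skip path too, so the denial then has to come from `accessControl()`. That method is not visible in this hunk, so its handling of the deny-all case should be confirmed. The enclosing method starts and ends outside the hunk.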