Posted to dev@tomcat.apache.org by bi...@apache.org on 2005/11/22 06:06:44 UTC

svn commit: r348087 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java

Author: billbarker
Date: Mon Nov 21 21:06:40 2005
New Revision: 348087

URL: http://svn.apache.org/viewcvs?rev=348087&view=rev
Log:
The rule is that you authenticate if *all* security-constraints include an auth-constraint.  If you have a problem with this, take it up with the Servlet expert-group ;-).

Reported By: Nam T. Nguyen <Th...@borland.com>


Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=348087&r1=348086&r2=348087&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Nov 21 21:06:40 2005
@@ -468,28 +468,33 @@
              */
             return;
         }
-       
-        for(i=0; i < constraints.length; i++) {
-            // Authenticate based upon the specified login configuration
-            if (constraints[i].getAuthConstraint()) {
+
+        // Since authenticate modifies the response on failure,
+        // we have to check for allow-from-all first.
+        boolean authRequired = true;
+        for(i=0; i < constraints.length && authRequired; i++) {
+            if(!constraints[i].getAuthConstraint()) {
+                authRequired = false;
+            } 
+        }
+             
+        if(authRequired) {  
+            if (log.isDebugEnabled()) {
+                log.debug(" Calling authenticate()");
+            }
+            if (!authenticate(request, response, config)) {
                 if (log.isDebugEnabled()) {
-                    log.debug(" Calling authenticate()");
+                    log.debug(" Failed authenticate() test");
                 }
-                if (!authenticate(request, response, config)) {
-                    if (log.isDebugEnabled()) {
-                        log.debug(" Failed authenticate() test");
-                    }
-                    /*
-                     * ASSERT: Authenticator already set the appropriate
-                     * HTTP status code, so we do not have to do anything
-                     * special
-                     */
-                    return;
-                } else {
-                    break;
-                }
-            }
+                /*
+                 * ASSERT: Authenticator already set the appropriate
+                 * HTTP status code, so we do not have to do anything
+                 * special
+                 */
+                return;
+            } 
         }
+    
         if (log.isDebugEnabled()) {
             log.debug(" Calling accessControl()");
         }
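Review bot: The comment above the new `authRequired` loop says only "check for allow-from-all first" and does not state the rule the loop implements: one matching constraint without an auth-constraint turns authentication off for the whole request, which then reaches `accessControl()` with no authenticated principal. I would say so directly, e.g. `// Authenticate only if every matching constraint has an auth-constraint; otherwise accessControl() decides for an unauthenticated request.` The skip path is also silent, so an `else` branch with a guarded `log.debug(" Skipping authenticate(): a matching constraint has no auth-constraint");` would make that decision visible when auditing access. If `constraints` can be an empty array at this point, `authRequired` stays true and `authenticate()` is still called; the null/empty handling sits above the hunk, so that is worth confirming. The enclosing method starts and ends outside the hunk.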


