Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/06/17 14:23:51 UTC
svn commit: r1493729 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/ java/org/apache/catalina/connector/
test/org/apache/catalina/authenticator/ test/org/apache/catalina/startup/
Author: markt
Date: Mon Jun 17 12:23:51 2013
New Revision: 1493729
URL: http://svn.apache.org/r1493729
Log:
Servlet 3.1 - Switch to using 303 rather than 302 redirects for HTTP/1.1 requests
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/test/org/apache/catalina/authenticator/TestFormAuthenticator.java
tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1493729&r1=1493728&r2=1493729&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Mon Jun 17 12:23:51 2013
@@ -32,6 +32,7 @@ import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.coyote.ActionCode;
import org.apache.juli.logging.Log;
@@ -335,7 +336,17 @@ public class FormAuthenticator
response.sendRedirect(response.encodeRedirectURL(uri));
}
} else {
- response.sendRedirect(response.encodeRedirectURL(requestURI));
+ // Until the Servlet API allows specifying the type of redirect to
+ // use.
+ Response internalResponse = request.getResponse();
+ String location = response.encodeRedirectURL(requestURI);
+ if ("HTTP/1.1".equals(request.getProtocol())) {
+ internalResponse.sendRedirect(location,
+ HttpServletResponse.SC_SEE_OTHER);
+ } else {
+ internalResponse.sendRedirect(location,
+ HttpServletResponse.SC_FOUND);
+ }
}
return false;
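Review bot: The landing-page branch kept as context at the top of this hunk still calls `response.sendRedirect(response.encodeRedirectURL(uri))`, so it keeps answering with 302 while the saved-request branch now answers HTTP/1.1 clients with 303; if both branches follow the login form POST, they should share the same status selection. The new comment is also an unfinished sentence and does not say why 303 is wanted; something like `// The Servlet API cannot select the redirect status, so use the internal Response. 303 tells an HTTP/1.1 client to fetch the target with GET instead of repeating the login POST.` would record the reason. The exact match on `"HTTP/1.1"` sends every other protocol string down the 302 path, which is worth stating in that comment. The enclosing method starts and ends outside the hunk.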
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1493729&r1=1493728&r2=1493729&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Mon Jun 17 12:23:51 2013
@@ -1244,7 +1244,15 @@ public class Response
@Override
public void sendRedirect(String location)
throws IOException {
+ sendRedirect(location, SC_FOUND);
+ }
+ /**
+ * Internal method that allows a redirect to be sent with a status other
+ * than {@link HttpServletResponse#SC_FOUND} (302). No attempt is made to
+ * validate the status code.
+ */
+ public void sendRedirect(String location, int status) throws IOException {
if (isCommitted()) {
throw new IllegalStateException
(sm.getString("coyoteResponse.sendRedirect.ise"));
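Review bot: The new `sendRedirect(String location, int status)` overload is public and, as its own Javadoc says, accepts any status, so a caller can emit a `Location` header with a non-redirect code. Since the Javadoc calls the method internal, either reject values outside the 3xx range at the top, e.g. `if (status < 300 || status > 399) { throw new IllegalArgumentException("status " + status); }`, or add `@param location` and `@param status` tags and state that this overload is not part of the Servlet API. The context comment in the next hunk, `// Generate a temporary redirect to the specified location`, no longer describes every status this method can send. The method body continues outside the hunk.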
@@ -1261,7 +1269,7 @@ public class Response
// Generate a temporary redirect to the specified location
try {
String absolute = toAbsolute(location);
- setStatus(SC_FOUND);
+ setStatus(status);
setHeader("Location", absolute);
if (getContext().getSendRedirectBody()) {
PrintWriter writer = getWriter();
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestFormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestFormAuthenticator.java?rev=1493729&r1=1493728&r2=1493729&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestFormAuthenticator.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestFormAuthenticator.java Mon Jun 17 12:23:51 2013
@@ -75,6 +75,9 @@ public class TestFormAuthenticator exten
protected static final boolean CLIENT_USE_COOKIES = true;
protected static final boolean CLIENT_NO_COOKIES = !CLIENT_USE_COOKIES;
+ protected static final boolean CLIENT_USE_HTTP_11 = true;
+ protected static final boolean CLIENT_USE_HTTP_10 = !CLIENT_USE_HTTP_11;
+
protected static final boolean SERVER_USE_COOKIES = true;
protected static final boolean SERVER_NO_COOKIES = !SERVER_USE_COOKIES;
@@ -236,6 +239,14 @@ public class TestFormAuthenticator exten
FormAuthClient.LOGIN_REQUIRED, 1);
}
+ // HTTP 1.0 test
+ @Test
+ public void testGetWithCookiesHttp10() throws Exception {
+ doTest("GET", "GET", NO_100_CONTINUE,
+ CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID,
+ CLIENT_USE_HTTP_10);
+ }
+
/*
* Choreograph the steps of the test dialogue with the server
* 1. while not authenticated, try to access a protected resource
@@ -255,9 +266,20 @@ public class TestFormAuthenticator exten
boolean useContinue, boolean clientShouldUseCookies,
boolean serverWillUseCookies, boolean serverWillChangeSessid)
throws Exception {
+ return doTest(resourceMethod, redirectMethod, useContinue,
+ clientShouldUseCookies, serverWillUseCookies,
+ serverWillChangeSessid, true);
+ }
+
+ private String doTest(String resourceMethod, String redirectMethod,
+ boolean useContinue, boolean clientShouldUseCookies,
+ boolean serverWillUseCookies, boolean serverWillChangeSessid,
+ boolean clientShouldUseHttp11)
+ throws Exception {
client = new FormAuthClient(clientShouldUseCookies,
- serverWillUseCookies, serverWillChangeSessid);
+ clientShouldUseHttp11, serverWillUseCookies,
+ serverWillChangeSessid);
// First request for protected resource gets the login page
client.setUseContinue(useContinue);
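Review bot: The delegating `doTest` overload passes a bare `true` for the new protocol flag even though this commit adds `CLIENT_USE_HTTP_11` for exactly that purpose; `serverWillChangeSessid, CLIENT_USE_HTTP_11);` reads better next to the other named constants. The new flag is also last in `doTest` but second in the `FormAuthClient` constructor (see the constructor hunk further down), and with four adjacent booleans a transposed argument would compile silently. Keeping the flag in the same position in both signatures would guard against that. The new `doTest` body continues outside the hunk.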
@@ -279,8 +301,13 @@ public class TestFormAuthenticator exten
// Second request replies to the login challenge
client.setUseContinue(useContinue);
client.doLoginRequest(loginUri);
- assertTrue("login failed " + client.getResponseLine(),
- client.isResponse302());
+ if (clientShouldUseHttp11) {
+ assertTrue("login failed " + client.getResponseLine(),
+ client.isResponse303());
+ } else {
+ assertTrue("login failed " + client.getResponseLine(),
+ client.isResponse302());
+ }
assertTrue(client.isResponseBodyOK());
String redirectUri = client.getRedirectUri();
client.reset();
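Review bot: The HTTP/1.0 branch checks `client.isResponse302()`, which in SimpleHttpClient matches the prefix `HTTP/1.1 302`, so the assertion only holds if the server writes an HTTP/1.1 status line even when the request line says HTTP/1.0. That appears to be the intent, but it is not stated; a comment such as `// The server answers with an HTTP/1.1 status line regardless of the request protocol` above the else branch would make the dependency explicit. Both branches also share the message `"login failed "`, so a failure does not say which status was expected.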
@@ -323,7 +350,7 @@ public class TestFormAuthenticator exten
* persistence of the authenticated session
*
* @param resourceMethod HTTP method for accessing the protected resource
- * @param protectedUri to access (with or withour sessionid)
+ * @param protectedUri to access (with or without sessionid)
* @param useContinue whether the HTTP client should expect a 100 Continue
* @param clientShouldUseCookies whether the client should send cookies
* @param serverWillUseCookies whether the server should send cookies
@@ -372,10 +399,15 @@ public class TestFormAuthenticator exten
protected final String SESSION_PARAMETER_START =
SESSION_PARAMETER_NAME + "=";
+ private boolean clientShouldUseHttp11;
+
private FormAuthClient(boolean clientShouldUseCookies,
+ boolean clientShouldUseHttp11,
boolean serverShouldUseCookies,
boolean serverShouldChangeSessid) throws Exception {
+ this.clientShouldUseHttp11 = clientShouldUseHttp11;
+
Tomcat tomcat = getTomcatInstance();
File appDir = new File(getBuildDirectory(), "webapps/examples");
Context ctx = tomcat.addWebapp(null, "/examples",
@@ -447,7 +479,11 @@ public class TestFormAuthenticator exten
requestHead.append("?role=bar");
}
}
- requestHead.append(" HTTP/1.1").append(CRLF);
+ if (clientShouldUseHttp11) {
+ requestHead.append(" HTTP/1.1").append(CRLF);
+ } else {
+ requestHead.append(" HTTP/1.0").append(CRLF);
+ }
// next, add the constant http headers
requestHead.append("Host: localhost").append(CRLF);
Modified: tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java?rev=1493729&r1=1493728&r2=1493729&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java (original)
+++ tomcat/trunk/test/org/apache/catalina/startup/SimpleHttpClient.java Mon Jun 17 12:23:51 2013
@@ -49,6 +49,7 @@ public abstract class SimpleHttpClient {
public static final String INFO_100 = "HTTP/1.1 100";
public static final String OK_200 = "HTTP/1.1 200";
public static final String REDIRECT_302 = "HTTP/1.1 302";
+ public static final String REDIRECT_303 = "HTTP/1.1 303";
public static final String FAIL_400 = "HTTP/1.1 400";
public static final String FAIL_404 = "HTTP/1.1 404";
public static final String TIMEOUT_408 = "HTTP/1.1 408";
@@ -400,6 +401,10 @@ public abstract class SimpleHttpClient {
return getResponseLine().startsWith(REDIRECT_302);
}
+ public boolean isResponse303() {
+ return getResponseLine().startsWith(REDIRECT_303);
+ }
+
public boolean isResponse400() {
return getResponseLine().startsWith(FAIL_400);
}