Posted to dev@tomcat.apache.org by cr...@apache.org on 2001/05/11 01:53:55 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy SecurityConstraint.java
craigmcc 01/05/10 16:53:55
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
catalina/src/share/org/apache/catalina/deploy
SecurityConstraint.java
Log:
Update access control logic to correctly process authentication
constraints with a "*" <role-name> element, which means that all roles are
allowed.
Submitted by: Tony Ng <To...@eng.sun.com>
Revision Changes Path
1.13 +11 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- AuthenticatorBase.java 2001/05/10 19:47:09 1.12
+++ AuthenticatorBase.java 2001/05/10 23:53:53 1.13
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.12 2001/05/10 19:47:09 craigmcc Exp $
- * $Revision: 1.12 $
- * $Date: 2001/05/10 19:47:09 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.13 2001/05/10 23:53:53 craigmcc Exp $
+ * $Revision: 1.13 $
+ * $Date: 2001/05/10 23:53:53 $
*
* ====================================================================
*
@@ -95,6 +95,7 @@
import org.apache.catalina.Session;
import org.apache.catalina.Valve;
import org.apache.catalina.ValveContext;
+import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.LifecycleSupport;
@@ -120,7 +121,7 @@
* requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.12 $ $Date: 2001/05/10 19:47:09 $
+ * @version $Revision: 1.13 $ $Date: 2001/05/10 23:53:53 $
*/
@@ -570,6 +571,8 @@
Principal principal =
((HttpServletRequest) request.getRequest()).getUserPrincipal();
if (principal == null) {
+ if (debug >= 2)
+ log(" No user authenticated, cannot grant access");
((HttpServletResponse) response.getResponse()).sendError
(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
sm.getString("authenticator.notAuthenticated"));
@@ -582,7 +585,8 @@
if (roles == null)
roles = new String[0];
if (roles.length == 0) {
- if (constraint.getAuthConstraint()) {
+ if (constraint.getAuthConstraint() &&
+ !constraint.getAllRoles()) {
((HttpServletResponse) response.getResponse()).sendError
(HttpServletResponse.SC_FORBIDDEN,
sm.getString("authenticator.forbidden"));
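Review bot: The new `!constraint.getAllRoles()` test sits inside the `roles.length == 0` branch, so it only takes effect when the constraint lists no named roles. A constraint that declares both `*` and a named role would have a non-empty `roles` array and would presumably fall through to the per-role matching below this hunk, where a user lacking the named role could be rejected even though all roles are meant to be allowed. Consider testing `constraint.getAllRoles()` before the length check and granting access to the authenticated principal there, with a comment such as `// "*" means any authenticated user; named roles are irrelevant`. The rest of the method lies outside the hunk, so confirm this against the role loop.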
@@ -1014,6 +1018,8 @@
throw new LifecycleException
(sm.getString("authenticator.alreadyStarted"));
lifecycle.fireLifecycleEvent(START_EVENT, null);
+ if (context instanceof StandardContext)
+ setDebug(((StandardContext) context).getDebug());
started = true;
// Look up the SingleSignOn implementation in our request processing
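Review bot: The added `setDebug(((StandardContext) context).getDebug());` unconditionally replaces whatever debug level was configured on the authenticator itself, so the valve's verbosity can no longer be set independently of the context. Because debug level 2 now logs authentication decisions (see the `log(" No user authenticated, cannot grant access")` hunk above), consider inheriting only when no level was set, e.g. `if (debug == 0 && context instanceof StandardContext)`, and adding a comment that the level is inherited from the context. The cast also ties this class to the concrete `StandardContext` implementation. The method begins and ends outside the hunk.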
1.4 +8 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java
Index: SecurityConstraint.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecurityConstraint.java 2000/10/29 00:35:05 1.3
+++ SecurityConstraint.java 2001/05/10 23:53:54 1.4
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v 1.3 2000/10/29 00:35:05 craigmcc Exp $
- * $Revision: 1.3 $
- * $Date: 2000/10/29 00:35:05 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v 1.4 2001/05/10 23:53:54 craigmcc Exp $
+ * $Revision: 1.4 $
+ * $Date: 2001/05/10 23:53:54 $
*
* ====================================================================
*
@@ -77,7 +77,7 @@
* this class is synchronized.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.3 $ $Date: 2000/10/29 00:35:05 $
+ * @version $Revision: 1.4 $ $Date: 2001/05/10 23:53:54 $
*/
public final class SecurityConstraint {
@@ -234,14 +234,16 @@
if (authRole == null)
return;
+ if ("*".equals(authRole)) {
+ allRoles = true;
+ return;
+ }
String results[] = new String[authRoles.length + 1];
for (int i = 0; i < authRoles.length; i++)
results[i] = authRoles[i];
results[authRoles.length] = authRole;
authRoles = results;
authConstraint = true;
- if ("*".equals(authRole))
- allRoles = true;
}
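Review bot: The early `return` in the `"*"` branch skips `authConstraint = true;`, which the previous code set for every role name including `*`. If nothing else sets that flag (for example when the `<auth-constraint>` element itself is parsed, which is not visible here), a constraint whose only role-name is `*` would report `getAuthConstraint()` as false. Any caller that gates authentication on that flag could then treat the resource as unprotected. Setting the flag before returning keeps the two flags consistent: `allRoles = true; authConstraint = true; return;`. The method's signature is outside the hunk.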