Posted to dev@tomcat.apache.org by bi...@apache.org on 2001/10/03 07:38:44 UTC

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java

billbarker    01/10/02 22:38:44

  Modified:    src/share/org/apache/tomcat/modules/aaa
                        AccessInterceptor.java
  Log:
  Add a check for "INTEGRAL" transport-guarantee.
  
  This gets us in line with the "recommended" behavior in the servlet spec (that INTEGRAL should imply SSL).
  
  Revision  Changes    Path
  1.18      +4 -3      jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java
  
  Index: AccessInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- AccessInterceptor.java	2001/09/23 03:26:32	1.17
  +++ AccessInterceptor.java	2001/10/03 05:38:44	1.18
  @@ -333,10 +333,11 @@
   	    transp=(String)req.getNote( reqTransportNote );
   	}
   	    
  -	// Check transport. We only verify "CONFIDENTIAL", other auth modules
  -	// could do other tests
  +	// Check transport. We verify "CONFIDENTIAL" and "INTEGRAL, 
  +	// other auth modules could do other tests
   	if( debug > 0 ) log( "Transport " + transp );
  -	if( "CONFIDENTIAL".equalsIgnoreCase(transp) ) {
  +	if( "CONFIDENTIAL".equalsIgnoreCase(transp) || 
  +	    "INTEGRAL".equalsIgnoreCase(transp) ) {
   	    if( ! req.scheme().equals("https")) {
   		// We could redirect or do something advanced - but the spec
   		// only requires us to deny access. A nice error handler
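Review bot: The widened condition starting at `if( "CONFIDENTIAL".equalsIgnoreCase(transp) ||` still lists the values that trigger the HTTPS check, so any other non-null transport value (for example a misspelled transport-guarantee in the deployment descriptor) appears to skip enforcement and be treated like NONE. Failing closed would be safer: `if( transp != null && ! "NONE".equalsIgnoreCase(transp) ) {`, assuming NONE is the only value meant to allow plain HTTP. Whether the descriptor parser already rejects unknown values is not visible in this hunk. The new comment also drops the closing quote after INTEGRAL and should read `// Check transport. We verify "CONFIDENTIAL" and "INTEGRAL",`. The enclosing method starts and ends outside the hunk.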