Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/21 15:47:56 UTC
[tomcat] branch main updated: Additional debug logging for FORM authentication
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3c6507d46c Additional debug logging for FORM authentication
3c6507d46c is described below
commit 3c6507d46ce98b4f76a9786f70a93eb83477fe1b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Sun Aug 21 16:47:36 2022 +0100
Additional debug logging for FORM authentication
---
java/org/apache/catalina/authenticator/FormAuthenticator.java | 7 +++++++
java/org/apache/catalina/authenticator/LocalStrings.properties | 2 ++
2 files changed, 9 insertions(+)
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index ed2caf6518..95bffc286a 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -258,6 +258,9 @@ public class FormAuthenticator
// Does session id match?
String expectedSessionId = (String) session.getNote(Constants.SESSION_ID_NOTE);
if (expectedSessionId == null || !expectedSessionId.equals(request.getRequestedSessionId())) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("formAuthenticator.sessionIdMismatch", session.getId(), expectedSessionId));
+ }
session.expire();
session = null;
}
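Review bot: The debug message in the mismatch branch reports `session.getId()` as the current ID, but the condition above it compares `expectedSessionId` with `request.getRequestedSessionId()`. If those two values can differ, the log line will not show the value that actually failed the check, which makes a session-fixation or stale-cookie diagnosis harder. Consider logging the requested ID as well and extending the message with a third placeholder; it is client-supplied, so it should stay inside the bracket delimiters. A short comment such as `// expectedSessionId may be null here: no note was stored for this session` would also explain the `[null]` that can appear in the output. The enclosing method starts and ends outside this hunk.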
@@ -418,8 +421,12 @@ public class FormAuthenticator
if (getChangeSessionIdOnAuthentication()) {
Session session = request.getSessionInternal(false);
if (session != null) {
+ String oldSessionId = session.getId();
String newSessionId = changeSessionID(request, session);
session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("formAuthenticator.changeSessionIdLogin", oldSessionId, newSessionId));
+ }
}
}
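Review bot: The added `log.debug(...)` call writes `newSessionId` in full, and that value remains a valid session identifier after this point, so a debug-level log for this authenticator becomes a store of usable session credentials for anyone who can read it. The old ID is harmless once it has been replaced, but the new one would be safer logged as a short prefix or a digest, which is still enough to correlate requests. If the full value is kept for consistency with the other session-ID debug messages in this bundle, say so at the call site, for example `// Logs live session IDs: enable debug for this logger only where log access is restricted`. The enclosing method starts and ends outside this hunk.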
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 81acc29369..ccb4935a9c 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -36,11 +36,13 @@ basicAuthenticator.invalidCharset=The only permitted values are null, the empty
digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase nonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
+formAuthenticator.changeSessionIdLogin=Session ID changed during before forwarding to login page during FORM authentication from [{0}] to [{1}]
formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
formAuthenticator.forwardLogin=Forwarding request for [{0}] made with method [{1}] to login page [{2}] of context [{3}] using request method GET
formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page
formAuthenticator.noErrorPage=No error page was defined for FORM authentication in context [{0}]
formAuthenticator.noLoginPage=No login page was defined for FORM authentication in context [{0}]
+formAuthenticator.sessionIdMismatch=Current session ID is [{0}] but FORM authenticator was expecting [{1}]
singleSignOn.debug.associate=SSO associating application session [{1}] with SSO session [{0}]
singleSignOn.debug.associateFail=SSO failed to associate application session [{0}] since SSO session [{1}] does not exist
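Review bot: The new `formAuthenticator.changeSessionIdLogin` text reads "Session ID changed during before forwarding to login page", with a stray "during" left in. Suggested wording: `formAuthenticator.changeSessionIdLogin=Session ID changed before forwarding to login page during FORM authentication from [{0}] to [{1}]`. Both new messages print session IDs, so the translated bundles should keep the `[{0}]`/`[{1}]` brackets so that the values stay delimited in the log.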