Posted to scm@geronimo.apache.org by ri...@apache.org on 2007/05/15 19:51:14 UTC

svn commit: r538265 - /geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java

Author: rickmcguire
Date: Tue May 15 10:51:13 2007
New Revision: 538265

URL: http://svn.apache.org/viewvc?view=rev&rev=538265
Log:
Fix exception when authenticator fails because of missing certs. 


Modified:
    geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java

Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?view=diff&rev=538265&r1=538264&r2=538265
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java Tue May 15 10:51:13 2007
@@ -259,11 +259,16 @@
         // j_security_check.
         // if we are logged in, return the logged in principal.
         if (request != null) {
-            // null response appears to prevent redirect to login page
-            Principal user = authenticator.authenticate(realm, pathInContext,
-                    request, null);
-            if (user != null) {
-                return user;
+            try {
+                // null response appears to prevent redirect to login page
+                Principal user = authenticator.authenticate(realm, pathInContext,
+                        request, null);
+                if (user != null) {
+                    return user;
+                }
+            } catch (Exception e) {
+            // the Jetty authenticator tries to write something to the response if 
+            // there is a failure.  Ignore any errors and continue as if this failed. 
             }
         }
 
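Review bot: the catch (Exception e) block that closes this hunk is empty and catches everything, so any failure inside authenticator.authenticate(...) is discarded the same way as the null-response write the comment describes. Narrow the catch to the exception the null response actually produces, or at least log e at debug level before falling through, so that a broken authenticator or realm still shows up in the server log. The two comment lines inside the catch should also be indented to the block body rather than to the level of the catch keyword.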



Re: svn commit: r538265 - /geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java

Posted by Rick McGuire <ri...@gmail.com>.
This was the ClientCertAuthenticator that was causing the problem.  I'm 
ok with this getting fixed in Jetty (I'd prefer it be done that way, 
actually).  I figured that given the timing of things, this was an 
easier fix to get in place. 

Rick

David Jencks wrote:
> I think we need to fix this by having jetty check for a response 
> before trying to use it.  Which authenticator is this using?  I filed 
> a bug http://jira.codehaus.org/browse/JETTY-340 for this situation in 
> the FormAuthenticator.
>
> I'm going to be removing this change as part of GERONIMO-3154.  I'm 
> happy to take this up with Greg W if necessary, but I don't think this 
> is an appropriate fix.
>
> thanks
> david jencks
>
> On May 15, 2007, at 10:51 AM, rickmcguire@apache.org wrote:
>
>> Author: rickmcguire
>> Date: Tue May 15 10:51:13 2007
>> New Revision: 538265
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=538265
>> Log:
>> Fix exception when authenticator fails because of missing certs.
>>
>>
>> Modified:
>>     
>> geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java 
>>
>>
>> Modified: 
>> geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java 
>>
>> URL: 
>> http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?view=diff&rev=538265&r1=538264&r2=538265 
>>
>> ============================================================================== 
>>
>> --- 
>> geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java 
>> (original)
>> +++ 
>> geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java 
>> Tue May 15 10:51:13 2007
>> @@ -259,11 +259,16 @@
>>          // j_security_check.
>>          // if we are logged in, return the logged in principal.
>>          if (request != null) {
>> -            // null response appears to prevent redirect to login page
>> -            Principal user = authenticator.authenticate(realm, 
>> pathInContext,
>> -                    request, null);
>> -            if (user != null) {
>> -                return user;
>> +            try {
>> +                // null response appears to prevent redirect to 
>> login page
>> +                Principal user = authenticator.authenticate(realm, 
>> pathInContext,
>> +                        request, null);
>> +                if (user != null) {
>> +                    return user;
>> +                }
>> +            } catch (Exception e) {
>> +            // the Jetty authenticator tries to write something to 
>> the response if
>> +            // there is a failure.  Ignore any errors and continue 
>> as if this failed.
>>              }
>>          }
>>
>>
>>
>
>
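Review bot: the comment added inside the catch block says only "the Jetty authenticator" and gives no indication of when the workaround can be removed. Name the authenticator that throws (ClientCertAuthenticator, per this thread) and point at the upstream Jetty issue once one is filed for it, so the try/catch is dropped when Jetty checks for a null response itself instead of staying in place indefinitely.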


Re: svn commit: r538265 - /geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java

Posted by David Jencks <da...@yahoo.com>.
I think we need to fix this by having jetty check for a response  
before trying to use it.  Which authenticator is this using?  I filed  
a bug http://jira.codehaus.org/browse/JETTY-340 for this situation in  
the FormAuthenticator.

I'm going to be removing this change as part of GERONIMO-3154.  I'm  
happy to take this up with Greg W if necessary, but I don't think  
this is an appropriate fix.

thanks
david jencks

On May 15, 2007, at 10:51 AM, rickmcguire@apache.org wrote:

> Author: rickmcguire
> Date: Tue May 15 10:51:13 2007
> New Revision: 538265
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=538265
> Log:
> Fix exception when authenticator fails because of missing certs.
>
>
> Modified:
>     geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/ 
> apache/geronimo/jetty6/handler/JettySecurityHandler.java
>
> Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/ 
> java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
> URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/ 
> geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/ 
> JettySecurityHandler.java?view=diff&rev=538265&r1=538264&r2=538265
> ====================================================================== 
> ========
> --- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/ 
> apache/geronimo/jetty6/handler/JettySecurityHandler.java (original)
> +++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/ 
> apache/geronimo/jetty6/handler/JettySecurityHandler.java Tue May 15  
> 10:51:13 2007
> @@ -259,11 +259,16 @@
>          // j_security_check.
>          // if we are logged in, return the logged in principal.
>          if (request != null) {
> -            // null response appears to prevent redirect to login  
> page
> -            Principal user = authenticator.authenticate(realm,  
> pathInContext,
> -                    request, null);
> -            if (user != null) {
> -                return user;
> +            try {
> +                // null response appears to prevent redirect to  
> login page
> +                Principal user = authenticator.authenticate(realm,  
> pathInContext,
> +                        request, null);
> +                if (user != null) {
> +                    return user;
> +                }
> +            } catch (Exception e) {
> +            // the Jetty authenticator tries to write something to  
> the response if
> +            // there is a failure.  Ignore any errors and continue  
> as if this failed.
>              }
>          }
>
>
>
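Review bot: the fall-through after the catch block, at the closing braces that end the hunk, is not covered by any test in this change, and the code that runs next is outside the visible lines. A unit test that drives this path with a request carrying no client certificate and a null response, and asserts that no principal is returned and no exception propagates, would confirm that "continue as if this failed" denies rather than admits.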