You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/08/07 23:29:18 UTC
svn commit: r1370537 -
/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Author: markt
Date: Tue Aug 7 21:29:18 2012
New Revision: 1370537
URL: http://svn.apache.org/viewvc?rev=1370537&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53584
Ignore path parameters when comparing URIs for FORM authentication. This prevents users being prompted twice for passwords when logging in when session IDs are being encoded as path parameters.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1370537&r1=1370536&r2=1370537&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Tue Aug 7 21:29:18 2012
@@ -475,7 +475,7 @@ public class FormAuthenticator
}
// Does the request URI match?
- String requestURI = request.getRequestURI();
+ String requestURI = request.getDecodedRequestURI();
if (requestURI == null) {
return (false);
}
@@ -635,7 +635,7 @@ public class FormAuthenticator
saved.setMethod(request.getMethod());
saved.setQueryString(request.getQueryString());
- saved.setRequestURI(request.getRequestURI());
+ saved.setRequestURI(request.getDecodedRequestURI());
// Stash the SavedRequest in our session for later use
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org