Author: markt Date: Fri Dec 11 13:12:57 2009 New Revision: 889606 URL: http://svn.apache.org/viewvc?rev=889606&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537 Return an error page if a forward during form auth fails rather than a zero length 200 response.
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Modified: tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=889606&r1=889605&r2=889606&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java Fri Dec 11 13:12:57 2009 @@ -30,6 +30,7 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Globals; import org.apache.catalina.Realm; import org.apache.catalina.Session; import org.apache.catalina.connector.Request; @@ -307,16 +308,24 @@ * @param response Response we are populating * @param config Login configuration describing how authentication * should be performed + * @throws IOException If the forward to the login page fails and the call + * to {...@link HttpServletResponse#sendError(int, String) + * throws an {...@link IOException} */ protected void forwardToLoginPage(Request request, - HttpServletResponse response, LoginConfig config) { + HttpServletResponse response, LoginConfig config) + throws IOException { RequestDispatcher disp = context.getServletContext().getRequestDispatcher (config.getLoginPage()); try { disp.forward(request.getRequest(), response); } catch (Throwable t) { - log.warn("Unexpected error forwarding to login page", t); + String msg = sm.getString("formAuthenticator.forwardLoginFail"); + log.warn(msg, t); + request.setAttribute(Globals.EXCEPTION_ATTR, t); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + msg); } } @@ -328,16 +337,24 @@ * @param response Response we are populating * @param config Login configuration describing how authentication * should be performed + * @throws IOException If the forward to the error page fails and the call + * to {...@link HttpServletResponse#sendError(int, String) + * throws an {...@link IOException} */ protected void forwardToErrorPage(Request request, - HttpServletResponse response, LoginConfig config) { + HttpServletResponse response, LoginConfig config) + throws IOException { RequestDispatcher disp = context.getServletContext().getRequestDispatcher (config.getErrorPage()); try { disp.forward(request.getRequest(), response); } catch (Throwable t) { - log.warn("Unexpected error forwarding to error page", t); + String msg = sm.getString("formAuthenticator.forwardErrorFail"); + log.warn(msg, t); + request.setAttribute(Globals.EXCEPTION_ATTR, t); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + msg); } } Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=889606&r1=889605&r2=889606&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Fri Dec 11 13:12:57 2009 @@ -27,3 +27,6 @@ authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser authenticator.unauthorized=Cannot authenticate with the provided credentials authenticator.userDataConstraint=This request violates a User Data constraint for this application + +formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page +formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org