[tomcat] 01/01: BZ 62496: Add possibility write remote user/auth type to response header
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 906126fdee95a2620e5c2163cf15003ceac5f603 Author: Michael Osipov AuthorDate: Wed Jul 31 13:39:35 2019 +0200 BZ 62496: Add possibility write remote user/auth type to response header --- .../catalina/authenticator/AuthenticatorBase.java | 41 + .../authenticator/TestAuthInfoResponseHeaders.java | 169 + webapps/docs/changelog.xml | 4 + webapps/docs/config/valve.xml | 52 +++ 4 files changed, 266 insertions(+) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index 92cb4e2..110391a 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -53,9 +53,11 @@ import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl; import org.apache.catalina.authenticator.jaspic.MessageInfoImpl; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; +import org.apache.catalina.filters.RemoteIpFilter; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.util.SessionIdGeneratorBase; import org.apache.catalina.util.StandardSessionIdGenerator; +import org.apache.catalina.valves.RemoteIpValve; import org.apache.catalina.valves.ValveBase; import org.apache.coyote.ActionCode; import org.apache.juli.logging.Log; 
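Review bot: The two added imports, `RemoteIpFilter` and `RemoteIpValve`, are referenced in this commit's hunks only from `{@link ...}` tags in the new field Javadoc. If that is their only use in the file, fully qualified links such as `{@link org.apache.catalina.valves.RemoteIpValve}` and `{@link org.apache.catalina.filters.RemoteIpFilter}` would avoid import lines that exist only for documentation. The rest of the file is outside the hunks, so confirm nothing else uses them before changing this.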
@@ -214,6 +216,19 @@ public abstract class AuthenticatorBase extends ValveBase */ protected String jaspicCallbackHandlerClass = null; +/** + * Should the auth information (remote user and auth type) be returned as response + * headers for a forwarded/proxied request? When the {@link RemoteIpValve} or + * {@link RemoteIpFilter} mark a forwarded request with the + * {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} this authenticator can return the + * values of {@link HttpServletRequest#getRemoteUser()} and + * {@link HttpServletRequest#getAuthType()} as reponse headers {@code remote-user} + * and {@code auth-type} to a reverse proxy. This is useful, e.g., for access log + * consistency or other decisions to make. + */ + +protected boolean sendAuthInfoResponseHeaders = false; + protected SessionIdGeneratorBase sessionIdGenerator = null; /** @@ -429,6 +444,26 @@ public abstract class AuthenticatorBase extends ValveBase this.jaspicCallbackHandlerClass = jaspicCallbackHandlerClass; } +/** + * Returns the flag whether authentication information will be sent to a reverse + * proxy on a forwarded request. + * + * @return {@code true} if response headers shall be sent, {@code false} otherwise + */ +public boolean isSendAuthInfoResponseHeaders() { +return sendAuthInfoResponseHeaders; +} + +/** + * Sets the flag whether authentication information will be send to a reverse + * proxy on a forwarded request. + * + * @param {@code true} if response headers shall be sent, {@code false} otherwise + */ +public void setSendAuthInfoResponseHeaders(boolean sendAuthInfoResponseHeaders) { +this.sendAuthInfoResponseHeaders = sendAuthInfoResponseHeaders; +} + // - Public Methods /** 
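Review bot: The Javadoc added for `sendAuthInfoResponseHeaders` is separated from the field by an empty line and misspells "response" as `reponse`. I would drop the empty line so the comment sits directly on `protected boolean sendAuthInfoResponseHeaders = false;` and write `as response headers {@code remote-user} and {@code auth-type}`. The closing "or other decisions to make" is vague; naming the intended use (access-log consistency on the proxy) would tell operators what the headers are meant for.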
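Review bot: The setter's Javadoc has `@param {@code true} if ...` with no parameter name, so the tag does not document `sendAuthInfoResponseHeaders` and Javadoc linting will normally flag it. It should read `@param sendAuthInfoResponseHeaders {@code true} if response headers shall be sent, {@code false} otherwise`. The summary sentence also says "will be send", which should be "will be sent" to match the getter.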
@@ -997,6 +1032,12 @@ public abstract class AuthenticatorBase extends ValveBase request.setAuthType(authType); request.setUserPrincipal(principal); +if (sendAuthInfoResponseHeaders +&& Boolean.TRUE.equals(request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE))) { +response.setHeader("remote-user", request.getRemoteUser()); +response.setHeader("auth-type", request.getAuthType()); +} + Session session = request.getSessionInternal(false); if (session != null) { diff --git a/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java new file mode 100644 index 000..881c37b --- /dev/null +++ b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java @@ -0,0 +1,169 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in
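Review bot: The two `response.setHeader(...)` calls added before `Session session = ...` echo the authenticated user name and auth type on the response, guarded only by the flag and by `Globals.REQUEST_FORWARDED_ATTRIBUTE` being `Boolean.TRUE`. That guard is only as strict as the RemoteIpValve/RemoteIpFilter proxy-trust configuration that sets the attribute, and nothing here keeps the headers from reaching the end client if the reverse proxy does not strip them; application code can presumably also overwrite them while the response is uncommitted. I would state this where the flag is documented, e.g. `Enable only when RemoteIpValve/RemoteIpFilter trusts just your own proxies and the proxy removes remote-user and auth-type before answering the client; treat the values as logging data, not as input to access decisions.` The enclosing method starts and ends outside the hunk, so whether requests authenticated from a cached session also pass through this block cannot be checked here. The same code appears in the earlier pushes of this commit further down the page (38f6b31 with the same header names, c64803e with `Remote-User`/`Auth-Type`).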
[tomcat] branch BZ-62496/tomcat-9.0.x updated (38f6b31 -> 906126f)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. discard 38f6b31 BZ 62496: Add possibility write remote user/auth type to response header new 906126f BZ 62496: Add possibility write remote user/auth type to response header This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (38f6b31) \ N -- N -- N refs/heads/BZ-62496/tomcat-9.0.x (906126f) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: webapps/docs/changelog.xml | 4 1 file changed, 4 insertions(+) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tomcat wiki edit access request
Done. Thanks for contributing and happy editing. Mark On 31/07/2019 17:09, Guild, Jason A (DOT) wrote: > Hi there, > I have some minor additions for the wiki that I'd like to add. > May I please have edit access in Apache Confluence under my login 'jaguild'? > Thanks, > Jason > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
tomcat wiki edit access request
Hi there, I have some minor additions for the wiki that I'd like to add. May I please have edit access in Apache Confluence under my login 'jaguild'? Thanks, Jason - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on issue #180: BZ 62496: Add possibility write remote user/auth type to response header
michael-o commented on issue #180: BZ 62496: Add possibility write remote user/auth type to response header URL: https://github.com/apache/tomcat/pull/180#issuecomment-516837019 @markt-asf lower cased with a force push. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-62496/tomcat-9.0.x updated (c64803e -> 38f6b31)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. discard c64803e BZ 62496: Add possibility write remote user/auth type to response header new 38f6b31 BZ 62496: Add possibility write remote user/auth type to response header This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (c64803e) \ N -- N -- N refs/heads/BZ-62496/tomcat-9.0.x (38f6b31) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/catalina/authenticator/AuthenticatorBase.java | 8 .../catalina/authenticator/TestAuthInfoResponseHeaders.java | 8 webapps/docs/config/valve.xml | 8 3 files changed, 12 insertions(+), 12 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 62496: Add possibility write remote user/auth type to response header
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 38f6b312b4271b3dc3e230587c7594764fb72e63 Author: Michael Osipov AuthorDate: Wed Jul 31 13:39:35 2019 +0200 BZ 62496: Add possibility write remote user/auth type to response header --- .../catalina/authenticator/AuthenticatorBase.java | 41 + .../authenticator/TestAuthInfoResponseHeaders.java | 169 + webapps/docs/config/valve.xml | 52 +++ 3 files changed, 262 insertions(+) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index 92cb4e2..110391a 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -53,9 +53,11 @@ import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl; import org.apache.catalina.authenticator.jaspic.MessageInfoImpl; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; +import org.apache.catalina.filters.RemoteIpFilter; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.util.SessionIdGeneratorBase; import org.apache.catalina.util.StandardSessionIdGenerator; +import org.apache.catalina.valves.RemoteIpValve; import org.apache.catalina.valves.ValveBase; import org.apache.coyote.ActionCode; import org.apache.juli.logging.Log; 
@@ -214,6 +216,19 @@ public abstract class AuthenticatorBase extends ValveBase */ protected String jaspicCallbackHandlerClass = null; +/** + * Should the auth information (remote user and auth type) be returned as response + * headers for a forwarded/proxied request? When the {@link RemoteIpValve} or + * {@link RemoteIpFilter} mark a forwarded request with the + * {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} this authenticator can return the + * values of {@link HttpServletRequest#getRemoteUser()} and + * {@link HttpServletRequest#getAuthType()} as reponse headers {@code remote-user} + * and {@code auth-type} to a reverse proxy. This is useful, e.g., for access log + * consistency or other decisions to make. + */ + +protected boolean sendAuthInfoResponseHeaders = false; + protected SessionIdGeneratorBase sessionIdGenerator = null; /** @@ -429,6 +444,26 @@ public abstract class AuthenticatorBase extends ValveBase this.jaspicCallbackHandlerClass = jaspicCallbackHandlerClass; } +/** + * Returns the flag whether authentication information will be sent to a reverse + * proxy on a forwarded request. + * + * @return {@code true} if response headers shall be sent, {@code false} otherwise + */ +public boolean isSendAuthInfoResponseHeaders() { +return sendAuthInfoResponseHeaders; +} + +/** + * Sets the flag whether authentication information will be send to a reverse + * proxy on a forwarded request. + * + * @param {@code true} if response headers shall be sent, {@code false} otherwise + */ +public void setSendAuthInfoResponseHeaders(boolean sendAuthInfoResponseHeaders) { +this.sendAuthInfoResponseHeaders = sendAuthInfoResponseHeaders; +} + // - Public Methods /** 
@@ -997,6 +1032,12 @@ public abstract class AuthenticatorBase extends ValveBase request.setAuthType(authType); request.setUserPrincipal(principal); +if (sendAuthInfoResponseHeaders +&& Boolean.TRUE.equals(request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE))) { +response.setHeader("remote-user", request.getRemoteUser()); +response.setHeader("auth-type", request.getAuthType()); +} + Session session = request.getSessionInternal(false); if (session != null) { diff --git a/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java new file mode 100644 index 000..881c37b --- /dev/null +++ b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java @@ -0,0 +1,169 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed
[GitHub] [tomcat] michael-o edited a comment on issue #180: BZ 62496: Add possibility write remote user/auth type to response header
michael-o edited a comment on issue #180: BZ 62496: Add possibility write remote user/auth type to response header URL: https://github.com/apache/tomcat/pull/180#issuecomment-516819284 * I concur the `X-` because of RFC 6648. Alternatively, `Tomcat-...`? * I can convert them to lower, no issue, but when I see the usage of `setHeader()` on `AuthenticatorBase` and friends, it is still upper kebab case. For consistency reasons, this should be done in one go. Shall I do then lowercase for this case only for now? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on issue #180: BZ 62496: Add possibility write remote user/auth type to response header
michael-o commented on issue #180: BZ 62496: Add possibility write remote user/auth type to response header URL: https://github.com/apache/tomcat/pull/180#issuecomment-516819284 * I concur the `X-` because of RFC 6648. * I can convert them to lower, no issue, but when I see the usage of `setHeader()` on `AuthenticatorBase` and friends, it is still upper kebab case. For consistency reasons, this should be done in one go. Shall I do then lowercase for this case only for now? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o opened a new pull request #180: BZ 62496: Add possibility write remote user/auth type to response header
michael-o opened a new pull request #180: BZ 62496: Add possibility write remote user/auth type to response header URL: https://github.com/apache/tomcat/pull/180 Two issues: * I have opted not to make the header names configurable to reduce complexity in the first place. This can be done if someone really requests it. * I did not document the flag for the `SSLAuthenticator` because this happens before HTTP on the gateway, thus the gateway has the remote_user already and will forward the cert to the Tomcat instance. If approved, I'll port back to 8.5.x and 7.0.x This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63597] use of unimplemented RequestUtil method in Host-Manager page
https://bz.apache.org/bugzilla/show_bug.cgi?id=63597 Mark Thomas changed: What|Removed |Added CC||andreas.ofenbo...@atos.net --- Comment #2 from Mark Thomas --- *** Bug 63622 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63622] Host Manager's 404.jsp throws exception
https://bz.apache.org/bugzilla/show_bug.cgi?id=63622 Mark Thomas changed: What|Removed |Added Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- *** This bug has been marked as a duplicate of bug 63597 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63622] New: Host Manager's 404.jsp throws exception
https://bz.apache.org/bugzilla/show_bug.cgi?id=63622 Bug ID: 63622 Summary: Host Manager's 404.jsp throws exception Product: Tomcat 9 Version: 9.0.22 Hardware: Sun OS: Solaris Status: NEW Severity: trivial Priority: P2 Component: Manager Assignee: dev@tomcat.apache.org Reporter: andreas.ofenbo...@atos.net Target Milestone: - The host manager's 404.jsp throws the following exception. DD-MMM- HH:mm:ss SEVERE [http-nio-8080-exec-5] org.apache.catalina.core.StandardHostValve.custom Exception Processing ErrorPage[errorCode=404, location=/WEB-INF/jsp/404.jsp] org.apache.jasper.JasperException: Unable to compile class for JSP: An error occurred at line: [36] in the jsp file: [/WEB-INF/jsp/404.jsp] The method filter(String) is undefined for the type RequestUtil 33:404 Not found 34: 35: The page you tried to access 36: (<%=RequestUtil.filter((String) request.getAttribute( 37: "javax.servlet.error.request_uri"))%>) 38: does not exist. 39: Stacktrace: at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:213) at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:522) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:392) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:362) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:346) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:603) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:399) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at 
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312) at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:394) at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:253) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:175) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) --- The manager app does not have this issue, so I did a diff (output shows the relevant first few lines only): diff -u apache-tomcat-9.0.22/webapps/host-manager/WEB-INF/jsp/404.jsp apache-tomcat-9.0.22/webapps/manager/WEB-INF/jsp/404.jsp --- apache-tomcat-9.0.22/webapps/host-manager/WEB-INF/jsp/404.jsp Thu 
Jul 4 16:23:49 2019 +++ apache-tomcat-9.0.22/webapps/manager/WEB-INF/jsp/404.jspThu Jul 4 16:23:49 2019 @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. --%> -<%@ page import="org.apache.catalina.util.RequestUtil"
buildbot success in on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1406 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch 7.0.x] a3907730c9ba9abbbaacac732066766b2ef422d9 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 62496: Add possibility write remote user/auth type to response header
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit c64803e1fa4f2ac74b45eaa39e59a52cc4684a2f Author: Michael Osipov AuthorDate: Wed Jul 31 13:39:35 2019 +0200 BZ 62496: Add possibility write remote user/auth type to response header --- .../catalina/authenticator/AuthenticatorBase.java | 41 + .../authenticator/TestAuthInfoResponseHeaders.java | 169 + webapps/docs/config/valve.xml | 52 +++ 3 files changed, 262 insertions(+) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index 92cb4e2..3928b54 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -53,9 +53,11 @@ import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl; import org.apache.catalina.authenticator.jaspic.MessageInfoImpl; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; +import org.apache.catalina.filters.RemoteIpFilter; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.util.SessionIdGeneratorBase; import org.apache.catalina.util.StandardSessionIdGenerator; +import org.apache.catalina.valves.RemoteIpValve; import org.apache.catalina.valves.ValveBase; import org.apache.coyote.ActionCode; import org.apache.juli.logging.Log; 
@@ -214,6 +216,19 @@ public abstract class AuthenticatorBase extends ValveBase */ protected String jaspicCallbackHandlerClass = null; +/** + * Should the auth information (remote user and auth type) be returned as response + * headers for a forwarded/proxied request? When the {@link RemoteIpValve} or + * {@link RemoteIpFilter} mark a forwarded request with the + * {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} this authenticator can return the + * values of {@link HttpServletRequest#getRemoteUser()} and + * {@link HttpServletRequest#getAuthType()} as reponse headers {@code Remote-User} + * and {@code Auth-Type} to a reverse proxy. This is useful, e.g., for access log + * consistency or other decisions to make. + */ + +protected boolean sendAuthInfoResponseHeaders = false; + protected SessionIdGeneratorBase sessionIdGenerator = null; /** @@ -429,6 +444,26 @@ public abstract class AuthenticatorBase extends ValveBase this.jaspicCallbackHandlerClass = jaspicCallbackHandlerClass; } +/** + * Returns the flag whether authentication information will be sent to a reverse + * proxy on a forwarded request. + * + * @return {@code true} if response headers shall be sent, {@code false} otherwise + */ +public boolean isSendAuthInfoResponseHeaders() { +return sendAuthInfoResponseHeaders; +} + +/** + * Sets the flag whether authentication information will be send to a reverse + * proxy on a forwarded request. + * + * @param {@code true} if response headers shall be sent, {@code false} otherwise + */ +public void setSendAuthInfoResponseHeaders(boolean sendAuthInfoResponseHeaders) { +this.sendAuthInfoResponseHeaders = sendAuthInfoResponseHeaders; +} + // - Public Methods /** 
@@ -997,6 +1032,12 @@ public abstract class AuthenticatorBase extends ValveBase request.setAuthType(authType); request.setUserPrincipal(principal); +if (sendAuthInfoResponseHeaders +&& Boolean.TRUE.equals(request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE))) { +response.setHeader("Remote-User", request.getRemoteUser()); +response.setHeader("Auth-Type", request.getAuthType()); +} + Session session = request.getSessionInternal(false); if (session != null) { diff --git a/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java new file mode 100644 index 000..c607262 --- /dev/null +++ b/test/org/apache/catalina/authenticator/TestAuthInfoResponseHeaders.java @@ -0,0 +1,169 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed
[tomcat] branch BZ-62496/tomcat-9.0.x created (now c64803e)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-62496/tomcat-9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at c64803e BZ 62496: Add possibility write remote user/auth type to response header This branch includes the following new commits: new c64803e BZ 62496: Add possibility write remote user/auth type to response header The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/1868 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 40b5f501c4a36690c4e599ccd20ecc4902a6710d Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4521 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 645034e2a24e33897fb48ae667895cadbf124092 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix copy/paste error
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new a390773 Fix copy/paste error a390773 is described below commit a3907730c9ba9abbbaacac732066766b2ef422d9 Author: Mark Thomas AuthorDate: Wed Jul 31 11:43:15 2019 +0100 Fix copy/paste error --- java/org/apache/catalina/valves/RemoteIpValve.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 3f97be9..2ef9b99 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -748,7 +748,7 @@ public class RemoteIpValve extends ValveBase { request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE, request.getProtocol()); request.setAttribute(AccessLog.SERVER_NAME_ATTRIBUTE, -Integer.valueOf(request.getServerName())); +request.getServerName()); request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE, Integer.valueOf(request.getServerPort())); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
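Review bot: No test accompanies the change to the `AccessLog.SERVER_NAME_ATTRIBUTE` line, although the removed `Integer.valueOf(request.getServerName())` would throw `NumberFormatException` for any non-numeric host name, which suggests this path was not exercised before. A small test that sends a request through the valve with this attribute block active and asserts the attribute equals `request.getServerName()` would keep it from regressing. The condition guarding these `setAttribute` calls lies outside the hunk, so when the block runs is not visible here. The identical one-line fix is pushed to 8.5.x and master in the two messages that follow.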
[tomcat] branch 8.5.x updated: Fix copy/paste error
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 40b5f50 Fix copy/paste error 40b5f50 is described below commit 40b5f501c4a36690c4e599ccd20ecc4902a6710d Author: Mark Thomas AuthorDate: Wed Jul 31 11:43:15 2019 +0100 Fix copy/paste error --- java/org/apache/catalina/valves/RemoteIpValve.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 89aa4b4..ae5bacc 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -739,7 +739,7 @@ public class RemoteIpValve extends ValveBase { request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE, request.getProtocol()); request.setAttribute(AccessLog.SERVER_NAME_ATTRIBUTE, -Integer.valueOf(request.getServerName())); +request.getServerName()); request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE, Integer.valueOf(request.getServerPort())); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix copy/paste error
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 645034e Fix copy/paste error 645034e is described below commit 645034e2a24e33897fb48ae667895cadbf124092 Author: Mark Thomas AuthorDate: Wed Jul 31 11:43:15 2019 +0100 Fix copy/paste error --- java/org/apache/catalina/valves/RemoteIpValve.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 89aa4b4..ae5bacc 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -739,7 +739,7 @@ public class RemoteIpValve extends ValveBase { request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE, request.getProtocol()); request.setAttribute(AccessLog.SERVER_NAME_ATTRIBUTE, -Integer.valueOf(request.getServerName())); +request.getServerName()); request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE, Integer.valueOf(request.getServerPort())); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org