nacho 01/09/12 14:35:46 Modified: src/share/org/apache/tomcat/modules/server Ajp13Interceptor.java Ajp13.java Log: Implemented the "tomcatAuthtentication" attribute. This attribute when true ( de default ) permits the user of the Ajp13 protocol to override auth from the HTTP Server, and let Tomcat deal with auth itself. Revision Changes Path 1.13 +23 -11 jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13Interceptor.java Index: Ajp13Interceptor.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13Interceptor.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- Ajp13Interceptor.java 2001/08/29 05:08:07 1.12 +++ Ajp13Interceptor.java 2001/09/12 21:35:46 1.13 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13Interceptor.java,v 1.12 2001/08/29 05:08:07 costin Exp $ - * $Revision: 1.12 $ - * $Date: 2001/08/29 05:08:07 $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13Interceptor.java,v 1.13 2001/09/12 21:35:46 nacho Exp $ + * $Revision: 1.13 $ + * $Date: 2001/09/12 21:35:46 $ * * ==================================================================== * @@ -79,6 +79,7 @@ public class Ajp13Interceptor extends PoolTcpConnector implements TcpConnectionHandler { + private boolean tomcatAuthentication=true; public Ajp13Interceptor() { super(); @@ -99,10 +100,12 @@ Object thData[]=new Object[3]; Ajp13Request req=new Ajp13Request(); Ajp13Response res=new Ajp13Response(); + Ajp13 con=new Ajp13(); + con.setTomcatAuthentication(isTomcatAuthentication()); cm.initRequest(req, res); thData[0]=req; thData[1]=res; - thData[2]=new Ajp13(); + thData[2]=con; return thData; } 
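Review bot: In the hunk at @@ -99,10 +100,12 the flag is copied into the new Ajp13 with `con.setTomcatAuthentication(isTomcatAuthentication());` only when the object is created, and the hunk at @@ -140,12 +143,13 does the same. If these Ajp13 instances are kept in per-thread data and reused, as the `thData` array suggests, a later call to the interceptor's `setTomcatAuthentication` would not reach them. Some connections could then keep the old authentication behaviour after the setting was changed. I would either document the constraint on the field, e.g. `// copied into each Ajp13 at creation; must be set before the connector starts`, or have Ajp13 read the value from the interceptor per request. The enclosing method starts outside the hunk.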
@@ -140,12 +143,13 @@ req = new Ajp13Request(); res = new Ajp13Response(); con = new Ajp13(); + con.setTomcatAuthentication(isTomcatAuthentication()); cm.initRequest( req, res ); } // XXX req.ajp13=con; res.ajp13=con; - + con.setSocket(socket); boolean moreRequests = true; @@ -159,13 +163,13 @@ socket.getInetAddress())) { moreRequests = false; continue; - } + } } if( status != 200 ) break; - + cm.service(req, res); - + req.recycle(); res.recycle(); } @@ -181,13 +185,13 @@ { this.cm=(ContextManager)contextM; } - + protected boolean doShutdown(InetAddress serverAddr, InetAddress clientAddr) { try { // close the socket connection before handling any signal - // but get the addresses first so they are not corrupted + // but get the addresses first so they are not corrupted if(Ajp12.isSameAddress(serverAddr, clientAddr)) { cm.stop(); // same behavior as in past, because it seems that @@ -201,7 +205,15 @@ log("Shutdown command ignored"); return false; } - + + public boolean isTomcatAuthentication() { + return tomcatAuthentication; + } + + public void setTomcatAuthentication(boolean newTomcatAuthentication) { + tomcatAuthentication = newTomcatAuthentication; + } + } class Ajp13Request extends Request 1.25 +35 -20 jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13.java Index: Ajp13.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13.java,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- Ajp13.java 2001/09/01 01:53:25 1.24 +++ Ajp13.java 2001/09/12 21:35:46 1.25 
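Review bot: The public accessors added in the hunk at @@ -201,7 +205,15 have no Javadoc, and nothing in the class states what the attribute means for security; the same applies to the accessors added to Ajp13.java in @@ -194,30 +194,40. Going by the Ajp13.java change in this commit, `false` makes Tomcat take the remote user sent over AJP as the request principal without verifying it. The AJP port must then be reachable only by the trusted web server. I would add above the setter: `/** If true (default), ignore the user authenticated by the HTTP server and let Tomcat authenticate; if false, the user sent over AJP is trusted as-is. */`.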
@@ -194,30 +194,40 @@ Ajp13Packet inBuf = new Ajp13Packet( MAX_PACKET_SIZE ); // Boffer used for request head ( and headers ) Ajp13Packet hBuf=new Ajp13Packet( MAX_PACKET_SIZE ); - + // Holds incoming reads of request body data (*not* header data) byte []bodyBuff = new byte[MAX_READ_SIZE]; - + int blen; // Length of current chunk of body data in buffer int pos; // Current read position within that buffer boolean end_of_stream; // true if we've received an empty packet - public Ajp13() + // True to ignore HTTP server auth + private boolean tomcatAuthentication=true; + + public Ajp13() { super(); } - public void recycle() + public void recycle() { // This is a touch cargo-cultish, but I think wise. - blen = 0; + blen = 0; pos = 0; end_of_stream = false; if( dL>0 ) d( "recycle()"); headersWriter.recycle(); } - + + public boolean isTomcatAuthentication() { + return tomcatAuthentication; + } + + public void setTomcatAuthentication(boolean newTomcatAuthentication) { + tomcatAuthentication = newTomcatAuthentication; + } /** * Associate an open socket with this instance. */ 
@@ -326,50 +336,54 @@ case SC_A_CONTEXT : // contextPath = msg.getString(); break; - + case SC_A_SERVLET_PATH : //log("SC_A_SERVLET_PATH not in use " + msg.getString()); break; - + case SC_A_REMOTE_USER : - req.setRemoteUser( msg.getString()); - // XXX recycle ? - // Note that roles are not integrated with apache - req.setUserPrincipal( new SimplePrincipal( req.getRemoteUser() )); + if (isTomcatAuthentication()) { // Ignore auth done by HTTP Server + msg.getString(); + } else { // Honor auth done by HTTP Server + req.setRemoteUser( msg.getString()); + // XXX recycle ? + // Note that roles are not integrated with apache + req.setUserPrincipal( new SimplePrincipal( req.getRemoteUser() )); + } break; - + case SC_A_AUTH_TYPE : req.setAuthType( msg.getString()); break; - + case SC_A_QUERY_STRING : msg.getMessageBytes( req.queryString()); break; - + case SC_A_JVM_ROUTE : req.setJvmRoute(msg.getString()); break; - + case SC_A_SSL_CERT : isSSL = true; req.setAttribute("javax.servlet.request.X509Certificate", msg.getString()); break; - + case SC_A_SSL_CIPHER : isSSL = true; req.setAttribute("javax.servlet.request.cipher_suite", msg.getString()); break; - + case SC_A_SSL_SESSION : isSSL = true; req.setAttribute("javax.servlet.request.ssl_session", msg.getString()); break; - + case SC_A_REQ_ATTRIBUTE : - req.setAttribute(msg.getString(), + req.setAttribute(msg.getString(), msg.getString()); break; @@ -734,4 +748,5 @@ private void d(String s ) { System.err.println( "Ajp13: " + s ); } + }
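Review bot: `SC_A_AUTH_TYPE` is still applied unconditionally with `req.setAuthType( msg.getString());`, so with tomcatAuthentication=true the request drops the web server's user but keeps its auth type. Code that checks the auth type could then see a request reporting an authentication scheme with no principal behind it, or a scheme other than the one Tomcat applies itself. How later interceptors treat a pre-set auth type is not visible here. The case should follow the same guard as `SC_A_REMOTE_USER`: `if (isTomcatAuthentication()) { msg.getString(); } else { req.setAuthType( msg.getString()); }`. The switch begins and ends outside the hunk.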