keith 2003/03/18 17:33:17 Modified: . RELEASE-NOTES-4.1.txt catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java Log: Rollback incorrect fix for 14616 Revision Changes Path 1.70 +1 -5 jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt Index: RELEASE-NOTES-4.1.txt =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- RELEASE-NOTES-4.1.txt 18 Mar 2003 10:56:12 -0000 1.69 +++ RELEASE-NOTES-4.1.txt 19 Mar 2003 01:33:16 -0000 1.70 @@ -731,10 +731,6 @@ JDBCStore Fix bug where first session in result set was skipped. -[4.1.23] #14616 - AuthenticatorBase - Redirect for trailing slash prior to auth challenge for root contexts - ---------------- Coyote Bug Fixes: 1.37 +6 -14 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Index: AuthenticatorBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- AuthenticatorBase.java 12 Mar 2003 14:48:13 -0000 1.36 +++ AuthenticatorBase.java 19 Mar 2003 01:33:17 -0000 1.37 @@ -444,16 +444,6 @@ HttpRequest hrequest = (HttpRequest) request; HttpResponse hresponse = (HttpResponse) response; - // Do not authenticate prior to redirects for trailing slashes, - // at least for the root of the context - String requestURI = hrequest.getDecodedRequestURI(); - String contextPath = this.context.getPath(); - if (requestURI.charAt(requestURI.length() - 1) != '/' && - requestURI.equals(contextPath)) { - context.invokeNext(request, response); - return; - } - if (debug >= 1) log("Security checking request " + ((HttpServletRequest) request.getRequest()).getMethod() + " " + @@ -484,6 +474,8 @@ // Special handling for form-based logins to deal with the case // where the login form (and therefore the "j_security_check" URI // to which it submits) might be outside the secured area + String requestURI = hrequest.getDecodedRequestURI(); + String contextPath = this.context.getPath(); if (requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION)) { if (!authenticate(hrequest, hresponse, config)) {
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]