authenticator AuthenticatorBase.java

keith Tue, 18 Mar 2003 17:31:57 -0800

keith       2003/03/18 17:33:17

  Modified:    .        RELEASE-NOTES-4.1.txt
               catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java
  Log:
  Rollback incorrect fix for 14616
  
  Revision  Changes    Path
  1.70      +1 -5      jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt
  
  Index: RELEASE-NOTES-4.1.txt
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v
  retrieving revision 1.69
  retrieving revision 1.70
  diff -u -r1.69 -r1.70
  --- RELEASE-NOTES-4.1.txt     18 Mar 2003 10:56:12 -0000      1.69
  +++ RELEASE-NOTES-4.1.txt     19 Mar 2003 01:33:16 -0000      1.70
  @@ -731,10 +731,6 @@
            JDBCStore
            Fix bug where first session in result set was skipped.
   
  -[4.1.23] #14616
  -         AuthenticatorBase
  -         Redirect for trailing slash prior to auth challenge for root contexts 
  -
   
   ----------------
   Coyote Bug Fixes:
  
  
  
  1.37      +6 -14     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.36
  retrieving revision 1.37
  diff -u -r1.36 -r1.37
  --- AuthenticatorBase.java    12 Mar 2003 14:48:13 -0000      1.36
  +++ AuthenticatorBase.java    19 Mar 2003 01:33:17 -0000      1.37
  @@ -444,16 +444,6 @@
           HttpRequest hrequest = (HttpRequest) request;
           HttpResponse hresponse = (HttpResponse) response;
   
  -        // Do not authenticate prior to redirects for trailing slashes,
  -        // at least for the root of the context
  -        String requestURI = hrequest.getDecodedRequestURI();
  -        String contextPath = this.context.getPath();
  -        if (requestURI.charAt(requestURI.length() - 1) != '/' &&
  -            requestURI.equals(contextPath)) {
  -            context.invokeNext(request, response);
  -            return;
  -        }
  -
           if (debug >= 1)
               log("Security checking request " +
                   ((HttpServletRequest) request.getRequest()).getMethod() + " " +
  @@ -484,6 +474,8 @@
           // Special handling for form-based logins to deal with the case
           // where the login form (and therefore the "j_security_check" URI
           // to which it submits) might be outside the secured area
  +        String requestURI = hrequest.getDecodedRequestURI();
  +        String contextPath = this.context.getPath();
           if (requestURI.startsWith(contextPath) &&
               requestURI.endsWith(Constants.FORM_ACTION)) {
               if (!authenticate(hrequest, hresponse, config)) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java

Reply via email to