luehe 2004/01/21 10:46:19
Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Fix for Bugtraq 4932547: Replaced SC_INTERNAL_SERVER_ERROR with
SC_FORBIDDEN if anonymous access (caused by missing
<login-config>/<auth-method> in web.xml) is not allowed
Revision Changes Path
1.26 +5 -5
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index: RealmBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- RealmBase.java 11 Jan 2004 09:23:42 -0000 1.25
+++ RealmBase.java 21 Jan 2004 18:46:19 -0000 1.26
@@ -703,7 +703,7 @@
if (log.isDebugEnabled())
log.debug(" No user authenticated, cannot grant access");
((HttpServletResponse) response.getResponse()).sendError
- (HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ (HttpServletResponse.SC_FORBIDDEN,
sm.getString("realmBase.notAuthenticated"));
return (false);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
