This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 18bb5ec0c7 Improve the behavior of the credential handler attribute 18bb5ec0c7 is described below commit 18bb5ec0c7d8de4bedc8c9a37798e7f6713d24c2 Author: remm <r...@apache.org> AuthorDate: Thu Nov 17 11:14:56 2022 +0100 Improve the behavior of the credential handler attribute This will now set a Servlet context attribute if a Realm is used by the Context. Also CombinedRealm get a credential handler that will produce results by asking the nested realms. --- java/org/apache/catalina/core/StandardContext.java | 9 ++++-- java/org/apache/catalina/realm/CombinedRealm.java | 35 ++++++++++++++++++++++ webapps/docs/changelog.xml | 9 ++++++ 3 files changed, 50 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java index 2156995af9..1458b10c1e 100644 --- a/java/org/apache/catalina/core/StandardContext.java +++ b/java/org/apache/catalina/core/StandardContext.java 
@@ -5101,23 +5101,26 @@ public class StandardContext extends ContainerBase getLogger(); Realm realm = getRealmInternal(); - if(null != realm) { + if (null != realm) { if (realm instanceof Lifecycle) { ((Lifecycle) realm).start(); } + } + realm = getRealm(); + if (null != realm) { // Place the CredentialHandler into the ServletContext so // applications can have access to it. Wrap it in a "safe" // handler so application's can't modify it. CredentialHandler safeHandler = new CredentialHandler() { @Override public boolean matches(String inputCredentials, String storedCredentials) { - return getRealmInternal().getCredentialHandler().matches(inputCredentials, storedCredentials); + return getRealm().getCredentialHandler().matches(inputCredentials, storedCredentials); } @Override public String mutate(String inputCredentials) { - return getRealmInternal().getCredentialHandler().mutate(inputCredentials); + return getRealm().getCredentialHandler().mutate(inputCredentials); } }; context.setAttribute(Globals.CREDENTIAL_HANDLER, safeHandler); diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java index dc2c23eaa5..0f5eca6158 100644 --- a/java/org/apache/catalina/realm/CombinedRealm.java +++ b/java/org/apache/catalina/realm/CombinedRealm.java @@ -260,6 +260,12 @@ public class CombinedRealm extends RealmBase { } } } + + if (getCredentialHandler() == null) { + // Set a credential handler that will ask the nested realms so that it can + // be set by the context in the attributes, it won't be used directly + super.setCredentialHandler(new CombinedRealmCredentialHandler()); + } super.startInternal(); } 
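Review bot: In the anonymous `safeHandler`, `getRealm().getCredentialHandler()` is dereferenced on every call without a null check, while per the commit message the attribute is now published whenever a realm is used by the context. The CombinedRealm change in this same commit tests `getCredentialHandler() == null`, so a realm without a handler is evidently possible, and an application calling the attribute would then hit a NullPointerException. Failing closed would be safer: `CredentialHandler ch = getRealm().getCredentialHandler(); return ch != null && ch.matches(inputCredentials, storedCredentials);`, with `mutate` returning `null` in the same case. The same unchecked `realm.getCredentialHandler()` call appears in both loops of the new `CombinedRealmCredentialHandler`. The enclosing method starts and ends outside this hunk.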
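Review bot: The new comment in `startInternal()` does not say why `super.setCredentialHandler(...)` is called instead of this class's own setter, and its claim that the handler "won't be used directly" is easy to misread. The override visible in the next hunk logs `combinedRealm.setCredentialHandler` as a warning before delegating, so the `super` call presumably exists to avoid that warning for the internally created handler. I would reword the comment to `// Install a delegating handler so the context can publish it as an attribute; call super to skip the warning this class logs for a user-configured handler.` and add a second line noting that authentication itself is still expected to go through the nested realms. `startInternal()` begins outside this hunk.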
@@ -492,4 +498,33 @@ public class CombinedRealm extends RealmBase { log.warn(sm.getString("combinedRealm.setCredentialHandler")); super.setCredentialHandler(credentialHandler); } + + private class CombinedRealmCredentialHandler implements CredentialHandler { + + @Override + public boolean matches(String inputCredentials, + String storedCredentials) { + for (Realm realm : realms) { + if (realm.getCredentialHandler().matches(inputCredentials, storedCredentials)) { + return true; + } + } + return false; + } + + @Override + public String mutate(String inputCredentials) { + if (realms.isEmpty()) { + return null; + } + for (Realm realm : realms) { + String mutatedCredentials = realm.getCredentialHandler().mutate(inputCredentials); + if (mutatedCredentials != null) { + return mutatedCredentials; + } + } + return null; + } + + } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 143f984f32..07ee06fe8c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,15 @@ issues do not "pop up" wrt. others). --> <section name="Tomcat 8.5.85 (schultz)" rtext="in development"> + <subsection name="Catalina"> + <changelog> + <fix> + Improve the behavior of the credential handler attribute that is set in + the Servlet context so that it actually reflects what is used during + authentication. (remm) + </fix> + </changelog> + </subsection> <subsection name="Other"> <changelog> <scode> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
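Review bot: `CombinedRealmCredentialHandler` has no Javadoc, and it needs one because applications reach it through the context attribute: `matches` returns true as soon as any nested realm's handler accepts the pair, so the answer is only as strict as the most lenient nested handler and says nothing about which realm the stored value belongs to. `mutate` returns the first non-null result in realm order, so the format it produces may not be the one used by the realm where the credential ends up being stored. A class comment should state both, for example `/** Delegates to the nested realms' handlers in order: matches() is true if any handler accepts, mutate() returns the first non-null result. */`, and advise against using it for per-realm decisions. The `realms.isEmpty()` check in `mutate` is redundant, since the loop over an empty collection already falls through to `return null`.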