Author: markt
Date: Tue Nov 17 02:19:49 2009
New Revision: 881100
URL: http://svn.apache.org/viewvc?rev=881100&view=rev
Log:
Implement request.authenticate()
This required re-factoring the Authenticator interface to use
HttpServletResponse. It would be nice to refactor to use HttpServletRequest as
well but at the moment the authenticator requires too much access to the
request internals.
Modified:
tomcat/trunk/java/org/apache/catalina/Authenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
Modified: tomcat/trunk/java/org/apache/catalina/Authenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Authenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Authenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Authenticator.java Tue Nov 17
02:19:49 2009
@@ -21,6 +21,8 @@
import java.io.IOException;
import java.security.Principal;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
@@ -43,13 +45,13 @@
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
* @exception IOException if an input/output error occurs
*/
- public boolean authenticate(Request request, Response response,
+ public boolean authenticate(Request request, HttpServletResponse response,
LoginConfig config) throws IOException;
/**
@@ -60,13 +62,13 @@
* SSO sessions.
*
* @param request The servlet request we are processing
- * @param response The servlet response we are generating
+ * @param response The servlet response we are populating
* @param principal The authenticated Principal to be registered
* @param authType The authentication type to be registered
* @param username Username used to authenticate (if any)
* @param password Password used to authenticate (if any)
*/
- public void register(Request request, Response response,
+ public void register(Request request, HttpServletResponse response,
Principal principal, String authType,
String username, String password);
}
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Tue Nov 17 02:19:49 2009
@@ -30,6 +30,7 @@
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
@@ -101,6 +102,10 @@
*/
protected static final int SESSION_ID_BYTES = 16;
+ /**
+ * Authentication header
+ */
+ protected static final String AUTH_HEADER_NAME = "WWW-Authenticate";
/**
* The message digest algorithm to be used when generating session
@@ -564,14 +569,14 @@
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
* @exception IOException if an input/output error occurs
*/
public abstract boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException;
@@ -708,7 +713,7 @@
* @param username Username used to authenticate (if any)
* @param password Password used to authenticate (if any)
*/
- public void register(Request request, Response response,
+ public void register(Request request, HttpServletResponse response,
Principal principal, String authType,
String username, String password) {
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
Tue Nov 17 02:19:49 2009
@@ -25,7 +25,6 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.Base64;
import org.apache.juli.logging.Log;
@@ -49,31 +48,6 @@
extends AuthenticatorBase {
private static final Log log = LogFactory.getLog(BasicAuthenticator.class);
-
-
- /**
- * Authenticate bytes.
- */
- public static final byte[] AUTHENTICATE_BYTES = {
- (byte) 'W',
- (byte) 'W',
- (byte) 'W',
- (byte) '-',
- (byte) 'A',
- (byte) 'u',
- (byte) 't',
- (byte) 'h',
- (byte) 'e',
- (byte) 'n',
- (byte) 't',
- (byte) 'i',
- (byte) 'c',
- (byte) 'a',
- (byte) 't',
- (byte) 'e'
- };
-
-
// ----------------------------------------------------- Instance Variables
@@ -116,7 +90,7 @@
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
@@ -188,24 +162,18 @@
}
}
-
- // Send an "unauthorized" response and an appropriate challenge
- MessageBytes authenticate =
- response.getCoyoteResponse().getMimeHeaders()
- .addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);
- CharChunk authenticateCC = authenticate.getCharChunk();
- authenticateCC.append("Basic realm=\"");
+ StringBuilder value = new StringBuilder(16);
+ value.append("Basic realm=\"");
if (config.getRealmName() == null) {
- authenticateCC.append(request.getServerName());
- authenticateCC.append(':');
- authenticateCC.append(Integer.toString(request.getServerPort()));
+ value.append(request.getServerName());
+ value.append(':');
+ value.append(Integer.toString(request.getServerPort()));
} else {
- authenticateCC.append(config.getRealmName());
+ value.append(config.getRealmName());
}
- authenticateCC.append('\"');
- authenticate.toChars();
+ value.append('\"');
+ response.setHeader(AUTH_HEADER_NAME, value.toString());
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- //response.flushBuffer();
return (false);
}
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Tue Nov 17 02:19:49 2009
@@ -25,12 +25,12 @@
import java.security.Principal;
import java.util.StringTokenizer;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.MD5Encoder;
import org.apache.juli.logging.Log;
@@ -129,7 +129,7 @@
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
@@ -400,8 +400,8 @@
* should be performed
* @param nOnce nonce token
*/
- protected void setAuthenticateHeader(Request request,
- Response response,
+ protected void setAuthenticateHeader(HttpServletRequest request,
+ HttpServletResponse response,
LoginConfig config,
String nOnce) {
@@ -419,7 +419,7 @@
String authenticateHeader = "Digest realm=\"" + realmName + "\", "
+ "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
+ md5Encoder.encode(buffer) + "\"";
- response.setHeader("WWW-Authenticate", authenticateHeader);
+ response.setHeader(AUTH_HEADER_NAME, authenticateHeader);
}
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Tue Nov 17 02:19:49 2009
@@ -123,7 +123,7 @@
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
@@ -305,17 +305,17 @@
* Called to forward to the login page
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*/
- protected void forwardToLoginPage(Request request, Response response,
LoginConfig config) {
+ protected void forwardToLoginPage(Request request,
+ HttpServletResponse response, LoginConfig config) {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
try {
- disp.forward(request.getRequest(), response.getResponse());
- response.finishResponse();
+ disp.forward(request.getRequest(), response);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to login page", t);
}
@@ -326,16 +326,17 @@
* Called to forward to the error page
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*/
- protected void forwardToErrorPage(Request request, Response response,
LoginConfig config) {
+ protected void forwardToErrorPage(Request request,
+ HttpServletResponse response, LoginConfig config) {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getErrorPage());
try {
- disp.forward(request.getRequest(), response.getResponse());
+ disp.forward(request.getRequest(), response);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to error page", t);
}
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
Tue Nov 17 02:19:49 2009
@@ -21,8 +21,9 @@
import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
@@ -73,7 +74,7 @@
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
@@ -81,7 +82,7 @@
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
Tue Nov 17 02:19:49 2009
@@ -29,7 +29,6 @@
import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
@@ -84,7 +83,7 @@
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=881100&r1=881099&r2=881100&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Tue Nov 17
02:19:49 2009
@@ -54,7 +54,6 @@
import javax.servlet.http.HttpSession;
import javax.servlet.http.Part;
-import org.apache.catalina.Authenticator;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.Host;
@@ -2322,8 +2321,13 @@
sm.getString("coyoteRequest.authenticate.ise"));
}
- // TODO SERVLET3
- return false;
+ LoginConfig config = context.getLoginConfig();
+
+ if (config == null) {
+ throw new ServletException(
+ sm.getString("coyoteRequest.noLoginConfig"));
+ }
+ return context.getAuthenticator().authenticate(this, response, config);
}
/**
@@ -2341,12 +2345,13 @@
sm.getString("coyoteRequest.alreadyAuthenticated"));
}
- if (context.getLoginConfig() == null) {
+ LoginConfig config = context.getLoginConfig();
+ if (config == null) {
throw new ServletException(
sm.getString("coyoteRequest.noLoginConfig"));
}
- String authMethod = context.getLoginConfig().getAuthMethod();
+ String authMethod = config.getAuthMethod();
if (BASIC_AUTH.equals(authMethod) || FORM_AUTH.equals(authMethod) ||
DIGEST_AUTH.equals(authMethod)) {
// Methods support user name and password authentication
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
