Author: kkolinko Date: Wed Jan 27 08:52:27 2010 New Revision: 903569 URL: http://svn.apache.org/viewvc?rev=903569&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537 Return an error page rather than a zero length 200 response if the forward to the login or error page fails during FORM authentication
Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=903569&r1=903568&r2=903569&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Wed Jan 27 08:52:27 2010 @@ -148,13 +148,6 @@ it could be described in ssl-howto.html, see 6.0. 2. BZ 48613 is an issue that existed before this patch, but it makes it noticeable. -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537 - Return an error page rather than a zero length 200 response if the forward to - the login or error page fails during FORM authentication - http://svn.apache.org/viewvc?rev=889606&view=rev - +1: markt, rjung, kkolinko - -1: - * Address https://issues.apache.org/bugzilla/show_bug.cgi?id=45255 Prevent session fixation by changing session ID on authentication by default If you don't like the session ID changing by default, feel free to caveat your Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java?rev=903569&r1=903568&r2=903569&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java (original) +++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java Wed Jan 27 08:52:27 2010 
@@ -30,6 +30,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Globals;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -307,8 +308,12 @@
      * @param response Response we are creating
      * @param config Login configuration describing how authentication
      *               should be performed
+     * @throws IOException If the forward to the login page fails and the call
+     *                     to {...@link HttpServletResponse#sendError(int, String)
+     *                     throws an {...@link IOException}
      */
-    protected void forwardToLoginPage(Request request, Response response, LoginConfig config) {
+    protected void forwardToLoginPage(Request request, Response response,
+            LoginConfig config) throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getLoginPage());
@@ -316,7 +321,11 @@
             disp.forward(request.getRequest(), response.getResponse());
             response.finishResponse();
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to login page", t);
+            String msg = sm.getString("formAuthenticator.forwardLoginFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 
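Review bot: The new `response.sendError(...)` in the catch block of forwardToLoginPage assumes the response is still uncommitted, but the try block covers `response.finishResponse()` as well as the forward, so a failure after the login page has started writing (or inside finishResponse itself) reaches sendError on an already committed response, and sendError then throws IllegalStateException out of the authenticator instead of producing the intended error page. Checking `response.isCommitted()` first keeps the logged warning and degrades gracefully. The catch also swallows every Throwable, including ThreadDeath and VirtualMachineError, which should be rethrown rather than turned into a 500; that catch predates this commit as far as the hunk shows, but the handler now does considerably more work in that state. The try opening and the method's closing brace lie between and after the hunks shown on this line.
```java
        } catch (Throwable t) {
            // Never convert fatal JVM errors into a 500 response
            if (t instanceof ThreadDeath || t instanceof VirtualMachineError) {
                throw (Error) t;
            }
            String msg = sm.getString("formAuthenticator.forwardLoginFail");
            log.warn(msg, t);
            if (response.isCommitted()) {
                // Too late to change the status; the warning above is all we can do
                return;
            }
            request.setAttribute(Globals.EXCEPTION_ATTR, t);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    msg);
        }
```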
@@ -328,15 +337,23 @@
      * @param response Response we are creating
      * @param config Login configuration describing how authentication
      *               should be performed
+     * @throws IOException If the forward to the error page fails and the call
+     *                     to {...@link HttpServletResponse#sendError(int, String)
+     *                     throws an {...@link IOException}
      */
-    protected void forwardToErrorPage(Request request, Response response, LoginConfig config) {
+    protected void forwardToErrorPage(Request request, Response response,
+            LoginConfig config) throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getErrorPage());
         try {
             disp.forward(request.getRequest(), response.getResponse());
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to error page", t);
+            String msg = sm.getString("formAuthenticator.forwardErrorFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 
Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties?rev=903569&r1=903568&r2=903569&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties (original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/authenticator/LocalStrings.properties Wed Jan 27 08:52:27 2010
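Review bot: forwardToErrorPage runs for a client that has just failed to authenticate, and the new `request.setAttribute(Globals.EXCEPTION_ATTR, t)` hands the raw Throwable to the container's error reporting; if the webapp maps no `<error-page>` for status 500, Tomcat's default error report valve will, as far as I recall, render the exception message and stack trace to that unauthenticated client, which can expose internal paths and class names. The generic `msg` passed to sendError is fine, but the attribute deserves a comment and a docs caveat, e.g. `// t reaches the container's error reporting; deployments should map a 500 error-page so stack traces are not shown to unauthenticated clients`. sendError also throws IllegalStateException if the forwarded error page has already committed the response before failing, so `if (response.isCommitted()) return;` ahead of it would be safer than letting that unchecked exception escape the authenticator. The method's javadoc opens before this hunk.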
@@ -27,3 +27,6 @@ authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser authenticator.unauthorized=Cannot authenticate with the provided credentials authenticator.userDataConstraint=This request violates a User Data constraint for this application + +formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page +formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=903569&r1=903568&r2=903569&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Wed Jan 27 08:52:27 2010 @@ -95,6 +95,11 @@ old method. Patch provided by Christopher Schultz. (markt) </fix> <fix> + <bug>47537</bug>: Return an error page rather than a zero length 200 + response if the forward to the login or error page fails during FORM + authentication. (markt) + </fix> + <fix> <bug>47718</bug>: Fix file descriptor leak on context stop/reload. Patch provided by George Sexton. (markt) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org