Author: rjung
Date: Mon May 23 16:03:12 2011
New Revision: 1126561
URL: http://svn.apache.org/viewvc?rev=1126561&view=rev
Log:
Forward WWW-Authenticate from backend when status is 401
and server generated error pages are used.
Only implemented for Apache, IIS still needs this.
Modified:
tomcat/jk/trunk/native/apache-1.3/mod_jk.c
tomcat/jk/trunk/native/apache-2.0/mod_jk.c
tomcat/jk/trunk/native/common/jk_ajp_common.c
tomcat/jk/trunk/native/common/jk_global.h
tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/jk/trunk/native/apache-1.3/mod_jk.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-1.3/mod_jk.c?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/native/apache-1.3/mod_jk.c (original)
+++ tomcat/jk/trunk/native/apache-1.3/mod_jk.c Mon May 23 16:03:12 2011
@@ -304,6 +304,33 @@ static int JK_METHOD ws_start_response(j
apache_private_data_t *p = s->ws_private;
request_rec *r = p->r;
+ /* If we use proxy error pages, still pass
+ * through context headers needed for special status codes.
+ */
+ if (s->extension.use_server_error_pages &&
+ status >= s->extension.use_server_error_pages) {
+ if (status == HTTP_UNAUTHORIZED) {
+ int found = JK_FALSE;
+ for (h = 0; h < num_of_headers; h++) {
+ if (!strcasecmp(header_names[h], "WWW-Authenticate")) {
+ char *tmp = ap_pstrdup(r->pool, header_values[h]);
+ ap_table_set(r->err_headers_out,
+ "WWW-Authenticate", tmp);
+ found = JK_TRUE;
+ }
+ }
+ if (found == JK_FALSE) {
+ jk_server_conf_t *conf = (jk_server_conf_t *)
+
ap_get_module_config(r->server->module_config,
+ &jk_module);
+ jk_log(conf->log, JK_LOG_INFO,
+ "origin server sent 401 without"
+ " WWW-Authenticate header");
+ }
+ }
+ return JK_TRUE;
+ }
+
if (!reason) {
reason = "";
}
Modified: tomcat/jk/trunk/native/apache-2.0/mod_jk.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-2.0/mod_jk.c?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/jk/trunk/native/apache-2.0/mod_jk.c Mon May 23 16:03:12 2011
@@ -308,6 +308,33 @@ static int JK_METHOD ws_start_response(j
apache_private_data_t *p = s->ws_private;
request_rec *r = p->r;
+ /* If we use proxy error pages, still pass
+ * through context headers needed for special status codes.
+ */
+ if (s->extension.use_server_error_pages &&
+ status >= s->extension.use_server_error_pages) {
+ if (status == HTTP_UNAUTHORIZED) {
+ int found = JK_FALSE;
+ for (h = 0; h < num_of_headers; h++) {
+ if (!strcasecmp(header_names[h], "WWW-Authenticate")) {
+ char *tmp = apr_pstrdup(r->pool, header_values[h]);
+ apr_table_set(r->err_headers_out,
+ "WWW-Authenticate", tmp);
+ found = JK_TRUE;
+ }
+ }
+ if (found == JK_FALSE) {
+ jk_server_conf_t *xconf = (jk_server_conf_t *)
+
ap_get_module_config(r->server->module_config,
+ &jk_module);
+ jk_log(xconf->log, JK_LOG_INFO,
+ "origin server sent 401 without"
+ " WWW-Authenticate header");
+ }
+ }
+ return JK_TRUE;
+ }
+
/* If there is no reason given (or an empty one),
* we'll try to guess a good one.
*/
Modified: tomcat/jk/trunk/native/common/jk_ajp_common.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_ajp_common.c?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_ajp_common.c (original)
+++ tomcat/jk/trunk/native/common/jk_ajp_common.c Mon May 23 16:03:12 2011
@@ -1867,11 +1867,19 @@ static int ajp_process_callback(jk_msg_b
r->http_response_status >= r->extension.use_server_error_pages)
r->response_blocked = JK_TRUE;
+ /*
+ * Call even if response is blocked, since it also handles
+ * forwarding some headers for special http status codes
+ * even if the server uses an own error page.
+ * Example: The WWW-Authenticate header in case of
+ * HTTP_UNAUTHORIZED (401).
+ */
+ r->start_response(r, res.status, res.msg,
+ (const char *const *)res.header_names,
+ (const char *const *)res.header_values,
+ res.num_headers);
+
if (!r->response_blocked) {
- r->start_response(r, res.status, res.msg,
- (const char *const *)res.header_names,
- (const char *const *)res.header_values,
- res.num_headers);
if (r->flush && r->flush_header)
r->flush(r);
}
Modified: tomcat/jk/trunk/native/common/jk_global.h
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_global.h?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_global.h (original)
+++ tomcat/jk/trunk/native/common/jk_global.h Mon May 23 16:03:12 2011
@@ -229,6 +229,7 @@ extern "C"
#define JK_HTTP_OK 200
#define JK_HTTP_BAD_REQUEST 400
+#define JK_HTTP_UNAUTHORIZED 401
#define JK_HTTP_REQUEST_TOO_LARGE 413
#define JK_HTTP_SERVER_ERROR 500
#define JK_HTTP_NOT_IMPLEMENTED 501
Modified: tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/iis/jk_isapi_plugin.c?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/jk/trunk/native/iis/jk_isapi_plugin.c Mon May 23 16:03:12 2011
@@ -950,6 +950,34 @@ static int JK_METHOD start_response(jk_w
if (s && s->ws_private) {
int rv = JK_TRUE;
isapi_private_data_t *p = s->ws_private;
+
+ /* If we use proxy error pages, still pass
+ * through context headers needed for special status codes.
+ */
+ if (s->extension.use_server_error_pages &&
+ status >= s->extension.use_server_error_pages) {
+ if (status == JK_HTTP_UNAUTHORIZED) {
+ int found = JK_FALSE;
+ for (h = 0; h < num_of_headers; h++) {
+ if (!strcasecmp(header_names[h], "WWW-Authenticate")) {
+ /*
+ * TODO: we need to save a copy of header_values[h]
+ * for later reuse in write_error_message()
+ * which is called later on form HttpExtensionProc
+ * because of use_server_error_pages.
+ */
+ found = JK_TRUE;
+ }
+ }
+ if (found == JK_FALSE) {
+ jk_log(logger, JK_LOG_INFO,
+ "origin server sent 401 without"
+ " WWW-Authenticate header");
+ }
+ }
+ return JK_TRUE;
+ }
+
if (!s->response_started) {
char *status_str = NULL;
char *headers_str = NULL;
Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1126561&r1=1126560&r2=1126561&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Mon May 23 16:03:12 2011
@@ -76,6 +76,10 @@
"DIS" (disabled) and "STP" (stopped). (rjung)
</add>
<fix>
+ Apache: Forward WWW-Authenticate from backend when status is 401
+ and server generated error pages are used. (rjung)
+ </fix>
+ <fix>
<bug>50363</bug>: IIS: Prevent chunk encoding of empty message
bodies for 204, 205 and 304 responses. (timw)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
