Author: markt
Date: Tue Aug 7 21:29:18 2012
New Revision: 1370537
URL: http://svn.apache.org/viewvc?rev=1370537&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53584
Ignore path parameters when comparing URIs for FORM authentication. This
prevents users being prompted twice for passwords when logging in when session
IDs are being encoded as path parameters.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1370537&r1=1370536&r2=1370537&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Tue Aug 7 21:29:18 2012
@@ -475,7 +475,7 @@ public class FormAuthenticator
}
// Does the request URI match?
- String requestURI = request.getRequestURI();
+ String requestURI = request.getDecodedRequestURI();
if (requestURI == null) {
return (false);
}
@@ -635,7 +635,7 @@ public class FormAuthenticator
saved.setMethod(request.getMethod());
saved.setQueryString(request.getQueryString());
- saved.setRequestURI(request.getRequestURI());
+ saved.setRequestURI(request.getDecodedRequestURI());
// Stash the SavedRequest in our session for later use
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
