svn commit: r1083873 - /tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
Author: markt Date: Mon Mar 21 17:12:05 2011 New Revision: 1083873 URL: http://svn.apache.org/viewvc?rev=1083873&view=rev Log: Sync with implementation Modified: tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml?rev=1083873&r1=1083872&r2=1083873&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml Mon Mar 21 17:12:05 2011 @@ -36,10 +36,18 @@ type="java.lang.String" writeable="false"/> - - + + + + + - - + + + + + - - + + + + + - - - - + + + + +
svn commit: r1083875 - in /tomcat/trunk/java/org/apache/catalina/authenticator: AuthenticatorBase.java mbeans-descriptors.xml
Author: markt Date: Mon Mar 21 17:26:48 2011 New Revision: 1083875 URL: http://svn.apache.org/viewvc?rev=1083875&view=rev Log: Remove unused code Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1083875&r1=1083874&r2=1083875&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Mon Mar 21 17:26:48 2011 @@ -86,13 +86,6 @@ public abstract class AuthenticatorBase /** - * The default message digest algorithm to use if we cannot use - * the requested one. - */ -protected static final String DEFAULT_ALGORITHM = "MD5"; - - -/** * Authentication header */ protected static final String AUTH_HEADER_NAME = "WWW-Authenticate"; @@ -103,14 +96,6 @@ public abstract class AuthenticatorBase protected static final String REALM_NAME = "Authentication required"; /** - * The message digest algorithm to be used when generating session - * identifiers. This must be an algorithm supported by the - * java.security.MessageDigest class on your platform. - */ -protected String algorithm = DEFAULT_ALGORITHM; - - -/** * Should a session always be used once a user is authenticated? This may * offer some performance benefits since the session can then be used to * cache the authenticated Principal, hence removing the need to 
@@ -218,28 +203,6 @@ public abstract class AuthenticatorBase /** - * Return the message digest algorithm for this Manager. - */ -public String getAlgorithm() { - -return (this.algorithm); - -} - - -/** - * Set the message digest algorithm for this Manager. - * - * @param algorithm The new message digest algorithm - */ -public void setAlgorithm(String algorithm) { - -this.algorithm = algorithm; - -} - - -/** * Return the cache authenticated Principals flag. */ public boolean getCache() { Modified: tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml?rev=1083875&r1=1083874&r2=1083875&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml Mon Mar 21 17:26:48 2011 @@ -23,10 +23,6 @@ group="Valve" type="org.apache.catalina.authenticator.BasicAuthenticator"> - - @@ -61,10 +57,6 @@ group="Valve" type="org.apache.catalina.authenticator.DigestAuthenticator"> - - @@ -98,10 +90,6 @@ group="Valve" type="org.apache.catalina.authenticator.FormAuthenticator"> - - @@ -135,10 +123,6 @@ group="Valve" type="org.apache.catalina.authenticator.NonLoginAuthenticator"> - - @@ -187,10 +171,6 @@ group="Valve" type="org.apache.catalina.authenticator.SSLAuthenticator"> - - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1083879 - in /tomcat/trunk: java/org/apache/catalina/authenticator/mbeans-descriptors.xml webapps/docs/config/valve.xml
Author: markt Date: Mon Mar 21 17:46:38 2011 New Revision: 1083879 URL: http://svn.apache.org/viewvc?rev=1083879&view=rev Log: Further additions to mbeans and docs for authentication valves Modified: tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml?rev=1083879&r1=1083878&r2=1083879&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml Mon Mar 21 17:46:38 2011 @@ -23,15 +23,31 @@ group="Valve" type="org.apache.catalina.authenticator.BasicAuthenticator"> + + + + + + + + @@ -57,15 +73,31 @@ group="Valve" type="org.apache.catalina.authenticator.DigestAuthenticator"> + + + + + + + + @@ -90,15 +122,31 @@ group="Valve" type="org.apache.catalina.authenticator.FormAuthenticator"> - + + + + + + + + @@ -127,11 +175,23 @@ description="Should we cache authenticated Principals if the request is part of an HTTP session?" type="boolean"/> + + + + + + + + + + + + Modified: tomcat/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1083879&r1=1083878&r2=1083879&view=diff == --- tomcat/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/trunk/webapps/docs/config/valve.xml Mon Mar 21 17:46:38 2011 @@ -417,11 +417,6 @@ - -Java class name of the implementation to use. This MUST be set to - org.apache.catalina.authenticator.BasicAuthenticator. - - Should a session always be used once a user is authenticated? This may offer some performance benefits since the session can then be used 
@@ -433,6 +428,12 @@ default value of false will be used. + +Should we cache authenticated Principals if the request is part of an +HTTP session? If not specified, the default value of true +will be used. + + Controls if the session ID is changed if a session exists at the point where users are authenticated. This is to prevent session fixation @@ -440,6 +441,11 @@ used. + +Java class name of the implementation to use. This MUST be set to + org.apache.catalina.authenticator.BasicAuthenticator. + + Controls the caching of pages that are protected by security constraints. Setting this to false may help work around @@ -459,6 +465,18 @@ If not set, the default value of true will be used. + +Name of the algorithm to use to create the +java.security.SecureRandom instances that generate session +IDs. If an invalid algorithm and/or provider is specified, the platform +default provider and the default algorithm will be used. If not +specified, the default algorithm of SHA1PRNG will be used. If the +default algorithm is not supported, the platform default will be used. +To specify that the platform default should be used, do not set the +secureRandomProvider attribute and set this attribute to the empty +string. + + Name of the Java class that extends java.security.SecureRandom to use to generate SSO session @@ -474,18 +492,6 @@ specified, the platform default provider will be used. - -Name of the algorithm to use to create the -java.security.SecureRandom instances that generate session -IDs. If an invalid algorithm and/or provider is specified, the platform -default provider and the default algorithm will be used. If not -specified, the default algorithm of SHA1PRNG will be used. If the -default algorithm is not supported, the platform default will be used. -To specify that the platform default should be used, do not set the -secureRandomProvider attribute and set this attribute to the empty -string. - - 
@@ -514,9 +520,21 @@ - -Java class name of the implementation to use. This MUST be set to - org.apache.catalina.authenticator.DigestAuthenticator. + +Should
svn commit: r1083905 - /tomcat/trunk/webapps/docs/changelog.xml
Author: markt Date: Mon Mar 21 19:15:27 2011 New Revision: 1083905 URL: http://svn.apache.org/viewvc?rev=1083905&view=rev Log: Add a recent change Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1083905&r1=1083904&r2=1083905&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar 21 19:15:27 2011 @@ -118,6 +118,10 @@ Improve Tomcat Logging documentation. (kkolinko) + +Align the authenticator documentation and MBean descriptors with the +implementation. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50950] NotSerializableException: org.apache.catalina.realm.GenericPrincipal
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME --- Comment #1 from Mark Thomas 2011-03-21 17:27:19 EDT --- I can't reproduce this issue. Additionally: - GenericPrincipal should always be converted to SerializablePrincipal by Tomcat (I can't see anywhere it isn't) - The stack trace provided below is incomplete If you re-open this issue you will need to provide information necessary to reproduce this issue from a clean install of the latest Tomcat 6.0.x release. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1083987 - in /tomcat/trunk: java/org/apache/catalina/filters/CsrfPreventionFilter.java test/org/apache/catalina/filters/TestCsrfPreventionFilter.java webapps/docs/changelog.xml
Author: markt Date: Mon Mar 21 22:08:47 2011 New Revision: 1083987 URL: http://svn.apache.org/viewvc?rev=1083987&view=rev Log: Make the CSRF nonce cache serializable to fix an issue reported on the users list. Custom serialization code could shave ~20% but the code isn't as clean. Modified: tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java tomcat/trunk/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=1083987&r1=1083986&r2=1083987&view=diff == --- tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java Mon Mar 21 22:08:47 2011 @@ -18,6 +18,7 @@ package org.apache.catalina.filters; import java.io.IOException; +import java.io.Serializable; import java.security.SecureRandom; import java.util.HashSet; import java.util.LinkedHashMap; @@ -287,7 +288,9 @@ public class CsrfPreventionFilter extend } } -private static class LruCache { +protected static class LruCache implements Serializable { + +private static final long serialVersionUID = 1L; // Although the internal implementation uses a Map, this cache // implementation is only concerned with the keys. Modified: tomcat/trunk/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java?rev=1083987&r1=1083986&r2=1083987&view=diff == --- tomcat/trunk/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java (original) +++ tomcat/trunk/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java Mon Mar 21 22:08:47 2011 
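Review bot: Widening `LruCache` from `private` to `protected` in the `@@ -287,7 +288,9 @@` hunk makes it part of the filter's API for subclasses, while the only new caller is `TestCsrfPreventionFilter`, which lives in the same package and would be served by package-private visibility — `static class LruCache implements Serializable {` — plus a Javadoc line saying the class is exposed for testing only. Making the cache `Serializable` with default serialization also means the valid CSRF nonces it holds now travel with the session into whatever persistence or replication store is configured (the changelog entry says as much), so a class comment such as `// Serialized with the session: the stream contains the currently valid nonces, so session stores deserve the same protection as the session itself` would help operators. With `serialVersionUID` pinned at 1L the field layout becomes the stream contract; if the backing map is an anonymous `LinkedHashMap` subclass (not visible here), its serialized form depends on a compiler-generated class name, which the serialization spec flags as fragile, so a `writeObject`/`readObject` pair or an explicit check in the test is worth considering. The enclosing `CsrfPreventionFilter` class begins outside the hunk, and any type parameters on `LruCache` appear to have been stripped by this rendering.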
@@ -17,8 +17,14 @@ package org.apache.catalina.filters; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; + import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.filters.CsrfPreventionFilter.LruCache; import org.apache.catalina.startup.TomcatBaseTest; public class TestCsrfPreventionFilter extends TomcatBaseTest { @@ -50,6 +56,41 @@ public class TestCsrfPreventionFilter ex wrapper.encodeRedirectURL("/test?a=b#c")); } +public void testLruCacheSerializable() throws Exception { +LruCache cache = new LruCache(5); +cache.add("key1"); +cache.add("key2"); +cache.add("key3"); +cache.add("key4"); +cache.add("key5"); +cache.add("key6"); + +ByteArrayOutputStream baos = new ByteArrayOutputStream(); +ObjectOutputStream oos = new ObjectOutputStream(baos); +oos.writeObject(cache); + +ByteArrayInputStream bais = +new ByteArrayInputStream(baos.toByteArray()); +ObjectInputStream ois = new ObjectInputStream(bais); +@SuppressWarnings("unchecked") +LruCache cache2 = (LruCache) ois.readObject(); + +cache2.add("key7"); +assertFalse(cache2.contains("key1")); +assertFalse(cache2.contains("key2")); +assertTrue(cache2.contains("key3")); +assertTrue(cache2.contains("key4")); +assertTrue(cache2.contains("key5")); +assertTrue(cache2.contains("key6")); +assertTrue(cache2.contains("key7")); +} + +public void testLruCacheSerializablePerformance() throws Exception { +for (int i = 0; i < 1; i++) { +testLruCacheSerializable(); +} +} + private static class NonEncodingResponse extends TesterResponse { @Override Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1083987&r1=1083986&r2=1083987&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Mar 21 22:08:47 2011 
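Review bot: `testLruCacheSerializablePerformance` loops with `i < 1`, so it runs the serialization test exactly once and measures nothing; it reads as a leftover from the ~20% comparison mentioned in the log message and should be removed or kept as a manually-run benchmark outside the suite, e.g. delete the method or give the bound a named constant with a comment explaining its purpose. In `testLruCacheSerializable` the `ObjectOutputStream` and `ObjectInputStream` are never closed; `oos.close();` before `baos.toByteArray()` makes the flush explicit rather than relying on `writeObject` draining its buffer, and `ois.close();` after `readObject()` keeps the two streams symmetric. Otherwise the test is sound: adding `key7` after the round trip checks that the eviction behaviour, not just the stored keys, survived serialization. The surrounding test class begins outside the hunk and the `LruCache` type arguments appear to have been stripped by this rendering.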
@@ -77,6 +77,10 @@ 50929: When wrapping an exception, include the root cause. Patch provided by sebb. (markt) + +Make the CSRF nonce cache serializable so that it can be replicated +across a cluster and/or persisted across Tomcat restarts. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org