Extracted is login action request check
Removed password validation callback, because we can use Realm directly
Patch by fjodorver

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1689073 13f79535-47bb-0310-9956-ffa450edef68
markt-asf committed Jul 3, 2015
1 parent ccea3bb commit 6022c2d
Showing 1 changed file with 22 additions and 23 deletions.
@@ -107,7 +107,7 @@ private AuthStatus validate(MessageInfo messageInfo, Subject clientSubject) thro
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

// Have we authenticated this user before but have caching disabled?
if (!isCache()) {
if (!isCache()) { //TODO Ask is it required? May be principal must be always cached
Session session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
log.debug("Checking for reauthenticate in session " + session);
@@ -118,21 +118,18 @@ private AuthStatus validate(MessageInfo messageInfo, Subject clientSubject) thro
if (log.isDebugEnabled()) {
log.debug("Reauthenticating username '" + username + "'");
}
PasswordValidationCallback passwordCallback = new PasswordValidationCallback(
clientSubject, username, password.toCharArray());
handler.handle(new Callback[] { passwordCallback });

if (!passwordCallback.getResult()) {
Principal principal = realm.authenticate(username, password);
if (principal == null) {
forwardToErrorPage(request, response);
return AuthStatus.FAILURE;
}
Principal principal = getPrincipal(passwordCallback);
if (principal != null) {
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
if (!isMatchingSavedRequest(request)) {
handlePrincipalCallbacks(clientSubject, principal);
return AuthStatus.SUCCESS;
}

session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
if (!isMatchingSavedRequest(request)) {
handlePrincipalCallbacks(clientSubject, principal);
return AuthStatus.SUCCESS;
}

if (log.isDebugEnabled()) {
log.debug("Reauthentication failed, proceed normally");
}
@@ -146,14 +143,7 @@ private AuthStatus validate(MessageInfo messageInfo, Subject clientSubject) thro
return submitSavedRequest(clientSubject, request, response);
}

String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();

// Is this the action request from the login page?
boolean loginAction = requestURI.startsWith(contextPath)
&& requestURI.endsWith(Constants.FORM_ACTION);

if (!loginAction) {
if (!isLoginActionRequest(request)) {
return handleNoLoginAction(request, response);
}

@@ -597,10 +587,11 @@ protected void saveRequest(Request request, Session session) throws IOException
SavedRequest saved = new SavedRequest();
Cookie cookies[] = request.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
saved.addCookie(cookies[i]);
for (Cookie cookie : cookies) {
saved.addCookie(cookie);
}
}

Enumeration<String> names = request.getHeaderNames();
while (names.hasMoreElements()) {
String name = names.nextElement();
@@ -666,4 +657,12 @@ protected String savedRequestURL(Session session) {
return (sb.toString());

}


private boolean isLoginActionRequest(Request request) {
String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();
return requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION);
}

}
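Review bot: In the reauthentication hunk of validate() (@@ -118,21 +118,18), the debug message `Reauthentication failed, proceed normally` now appears to be reachable only after `realm.authenticate(username, password)` has returned a non-null principal and `isMatchingSavedRequest(request)` is true, because the `principal == null` branch returns `AuthStatus.FAILURE` just above it. An authentication log that reports failure on the success path misleads anyone reconstructing a login sequence from debug output; wording such as `log.debug("Reauthenticated, request matches the saved request, proceed normally");` would match the new flow. The same hunk stops consulting the JASPIC `CallbackHandler` for password validation, so a comment at the call would help the next reader, e.g. `// Password is validated against the container Realm directly; no PasswordValidationCallback is issued`. Where `realm` is initialised and whether `username`/`password` are null-checked is not visible here, and validate() starts and ends outside the visible hunks.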
