From 0f4fdef669f65046275c44837f1578b65312ff0f Mon Sep 17 00:00:00 2001
From: Marek Czernek
Date: Wed, 7 Feb 2018 22:08:20 +0100
Subject: [PATCH 1/5] Add logout for Host Manager
---
 .../catalina/manager/host/Constants.java | 2 ++
 .../manager/host/HTMLHostManagerServlet.java | 20 ++++++++++++++++++-
 .../manager/host/LocalStrings.properties | 2 ++
 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/manager/host/Constants.java b/java/org/apache/catalina/manager/host/Constants.java
index 904b5f43aa40..139a29ad8cdc 100644
--- a/java/org/apache/catalina/manager/host/Constants.java
+++ b/java/org/apache/catalina/manager/host/Constants.java
@@ -29,6 +29,8 @@ public class Constants {
 " " +
 "{0} \n" +
 "
{1}
\n" +
+ " " +
+ " {3}\n" +
 " \n" +
 "\n" +
 "
\n" +
diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
index 9bb0d3bc3092..b272198f030b 100644
--- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -97,6 +97,10 @@ public void doGet(HttpServletRequest request,
 command.equals("/persist")) {
 message = smClient.getString(
 "hostManagerServlet.postCommand", command);
+ } else if (command.equals("/logout")) {
+ logout(request, response);
+ // No fail state, always send OK
+ message = smClient.getString("hostManagerServlet.logout");
 } else {
 message = smClient.getString(
 "hostManagerServlet.unknownCommand", command);
@@ -173,6 +177,18 @@ protected String add(HttpServletRequest request,String name,
 return stringWriter.toString();
 }
+ /**
+ * Log out by invalidating the current session and sending 401
+ * in order to prompt user for new login upon next access.
+ *
+ * @param request The Servlet request
+ * @param response The Servlet response
+ */
+ protected void logout(HttpServletRequest request, HttpServletResponse response) {
+ request.getSession().invalidate();
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
 /**
 * Remove the specified host.
@@ -277,13 +293,15 @@ public void list(HttpServletRequest request,
 org.apache.catalina.manager.Constants.BODY_HEADER_SECTION, args));
 // Message Section
- args = new Object[3];
+ args = new Object[4];
 args[0] = smClient.getString("htmlHostManagerServlet.messageLabel");
 if (message == null || message.length() == 0) {
 args[1] = "OK";
 } else {
 args[1] = Escape.htmlElementContent(message);
 }
+ args[2] = response.encodeURL(request.getContextPath() + "/html/logout");
+ args[3] = smClient.getString("htmlHostManagerServlet.logoutLabel");
 writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
 // Manager Section
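Review bot: The new `/logout` branch sits in `doGet`, so the session is invalidated by a plain GET, while the branch directly above it appears to answer the state-changing commands with the `hostManagerServlet.postCommand` message instead of executing them. A logout reachable by GET can be triggered by any cross-site link or embedded resource, and whether the application's CSRF protection covers this path is not visible here. I would handle `/logout` in `doPost` and render the link as a small form, or document the decision in place: `// logout is deliberately reachable via GET because ...`. The same branch is added to `HTMLManagerServlet.doGet` in patch 2/5; `doGet` starts and ends outside this hunk.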
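Review bot: `request.getSession().invalidate()` in the new `logout()` creates a session when the request has none, only to destroy it; `HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); }` avoids that. Two further gaps: the 401 is sent without a `WWW-Authenticate` header, which HTTP requires on a 401 response (patch 4/5 adds one for this class only), and if the manager is deployed with HTTP Basic authentication the browser keeps re-sending its cached credentials, so invalidating the session alone does not end the login. The Javadoc should state that limitation rather than promise a new login prompt. The copy of this method added to `HTMLManagerServlet` in patch 2/5 has the same issues.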
diff --git a/java/org/apache/catalina/manager/host/LocalStrings.properties b/java/org/apache/catalina/manager/host/LocalStrings.properties
index ffb77021b550..d8a7e51a6743 100644
--- a/java/org/apache/catalina/manager/host/LocalStrings.properties
+++ b/java/org/apache/catalina/manager/host/LocalStrings.properties
@@ -47,9 +47,11 @@ hostManagerServlet.stop=stop: Stopping host with name [{0}]
 hostManagerServlet.persist=persist: Persisting current configuration
 hostManagerServlet.persisted=OK - Configuration persisted
 hostManagerServlet.persistFailed=FAIL - Failed to persist configuration
+hostManagerServlet.logout=OK - Logged out
 htmlHostManagerServlet.title=Tomcat Virtual Host Manager
 htmlHostManagerServlet.messageLabel=Message:
+htmlHostManagerServlet.logoutLabel=Logout
 htmlHostManagerServlet.manager=Host Manager
 htmlHostManagerServlet.list=List Virtual Hosts
 htmlHostManagerServlet.helpHtmlManagerFile=../docs/html-host-manager-howto.html
From 8e4d44e470d8395af5d0ecc99fd510c551ee2808 Mon Sep 17 00:00:00 2001
From: Marek Czernek
Date: Fri, 9 Feb 2018 11:13:18 +0100
Subject: [PATCH 2/5] Add logout for Manager
---
 java/org/apache/catalina/manager/Constants.java | 2 ++
 .../apache/catalina/manager/HTMLManagerServlet.java | 13 ++++++++++++-
 .../apache/catalina/manager/LocalStrings.properties | 2 ++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/manager/Constants.java b/java/org/apache/catalina/manager/Constants.java
index 204e439feba4..98ecb16c233f 100644
--- a/java/org/apache/catalina/manager/Constants.java
+++ b/java/org/apache/catalina/manager/Constants.java
@@ -147,6 +147,8 @@ public class Constants {
 " " +
 "{0} \n" +
 "
{1}
\n" +
+ " " +
+ " {3}\n" +
 " \n" +
 "\n" +
 "
\n" +
diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index f0260cdb0d5e..c39a2df4005b 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -150,6 +150,10 @@ public void doGet(HttpServletRequest request,
 command.equals("/stop")) {
 message = smClient.getString("managerServlet.postCommand", command);
+ } else if (command.equals("/logout")) {
+ logout(request, response);
+ // No fail state, always send OK
+ message = smClient.getString("htmlManagerServlet.logout");
 } else {
 message = smClient.getString("managerServlet.unknownCommand", command);
@@ -354,13 +358,15 @@ protected void list(HttpServletRequest request,
 (Constants.BODY_HEADER_SECTION, args));
 // Message Section
- args = new Object[3];
+ args = new Object[4];
 args[0] = smClient.getString("htmlManagerServlet.messageLabel");
 if (message == null || message.length() == 0) {
 args[1] = "OK";
 } else {
 args[1] = Escape.htmlElementContent(message);
 }
+ args[2] = response.encodeURL(request.getContextPath() + "/html/logout");
+ args[3] = smClient.getString("htmlManagerServlet.logoutLabel");
 writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
 // Manager Section
@@ -802,6 +808,11 @@ public void init() throws ServletException {
 showProxySessions = Boolean.parseBoolean(value);
 }
+ protected void logout(HttpServletRequest request, HttpServletResponse response) {
+ request.getSession().invalidate();
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
 // ------------------------------------------------ Sessions administration
 /**
diff --git a/java/org/apache/catalina/manager/LocalStrings.properties b/java/org/apache/catalina/manager/LocalStrings.properties
index a73232d8d4d8..9fc89db350e3 100644
--- a/java/org/apache/catalina/manager/LocalStrings.properties
+++ b/java/org/apache/catalina/manager/LocalStrings.properties
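Review bot: `logout()` is added to `HTMLManagerServlet` without Javadoc and as a line-for-line copy of `HTMLHostManagerServlet.logout()` from patch 1/5. Patch 3/5 supplies the Javadoc, but the duplication stays, and the two copies already diverge in patch 4/5, where only the host-manager version gains the `WWW-Authenticate` header and `throws IOException`. Keeping one implementation in a helper that both servlets call would stop the two logout paths from drifting apart; whether the servlets share a suitable base class is not visible in this diff.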
@@ -68,6 +68,8 @@ htmlManagerServlet.findleaksNone=No web applications appear to have triggered a
 htmlManagerServlet.list=List Applications
 htmlManagerServlet.manager=Manager
 htmlManagerServlet.messageLabel=Message:
+htmlManagerServlet.logoutLabel=Logout
+htmlManagerServlet.logout=OK - Logged out
 htmlManagerServlet.noManager=-
 htmlManagerServlet.serverHostname=Hostname
 htmlManagerServlet.serverIPAddress=IP Address
From 86a1fd2acb7add45d86b85d89f0ddb55e817c5b8 Mon Sep 17 00:00:00 2001
From: Marek Czernek
Date: Fri, 9 Feb 2018 11:18:32 +0100
Subject: [PATCH 3/5] Add docs
---
 java/org/apache/catalina/manager/HTMLManagerServlet.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index c39a2df4005b..8d700243f1fa 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -808,6 +808,13 @@ public void init() throws ServletException {
 showProxySessions = Boolean.parseBoolean(value);
 }
+ /**
+ * Log out by invalidating the current session and sending 401
+ * in order to prompt user for new login upon next access.
+ *
+ * @param request The Servlet request
+ * @param response The Servlet response
+ */
 protected void logout(HttpServletRequest request, HttpServletResponse response) {
 request.getSession().invalidate();
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
From e21983e1234e0a6f582322ca512b23a077c8f80b Mon Sep 17 00:00:00 2001
From: Marek Czernek
Date: Fri, 16 Feb 2018 13:37:59 +0100
Subject: [PATCH 4/5] Script logout prototype
---
 .../manager/host/HTMLHostManagerServlet.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
index b272198f030b..5ffd83c29f2d 100644
--- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -184,9 +184,24 @@ protected String add(HttpServletRequest request,String name,
 * @param request The Servlet request
 * @param response The Servlet response
 */
- protected void logout(HttpServletRequest request, HttpServletResponse response) {
+ protected void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ response.setHeader("WWW-Authenticate","Basic realm=\"Login required\"");
 request.getSession().invalidate();
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+
+ String javascriptToBeExecuted = "";
+ response.getWriter().print(javascriptToBeExecuted);
 }
From 814dfa714b8be6322fd6357284aa90798265b087 Mon Sep 17 00:00:00 2001
From: Marek Czernek
Date: Mon, 19 Feb 2018 09:12:32 +0100
Subject: [PATCH 5/5] Comment out JS experiments
---
 .../apache/catalina/manager/host/HTMLHostManagerServlet.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
index 5ffd83c29f2d..cb6010e13bf3 100644
--- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -189,6 +189,7 @@ protected void logout(HttpServletRequest request, HttpServletResponse response)
 request.getSession().invalidate();
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ /* Experiments with Javascript
 String javascriptToBeExecuted = "";
 response.getWriter().print(javascriptToBeExecuted);
+
+ */
 }
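Review bot: The added `response.setHeader("WWW-Authenticate","Basic realm=\"Login required\"")` hard-codes both the authentication scheme and the realm. If the web application's login configuration uses another realm name or a non-Basic method (not visible here), browsers will presumably treat this challenge as a different protection space, leave the credentials cached for the real realm in place, and the user stays logged in. The challenge should be derived from the deployed login configuration instead of a literal. The script printed through `response.getWriter()` is emitted before the caller renders the page and its content is not shown on this page, so it needs its own review; the new `throws IOException` also makes this signature differ from `HTMLManagerServlet.logout()`.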
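Review bot: Wrapping the prototype in `/* Experiments with Javascript ... */` leaves dead code inside `logout()`; delete it and rely on version control history for the experiment. With the `getWriter()` call disabled, no remaining statement in the method can throw `IOException`, so the signature can go back to `protected void logout(HttpServletRequest request, HttpServletResponse response) {`, matching `HTMLManagerServlet`. The hard-coded `WWW-Authenticate` header from patch 4/5 stays active after this change. The hunk shows only part of the commented-out block.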