Lines 21-29
|
21 |
|
21 |
|
22 |
import java.io.IOException; |
22 |
import java.io.IOException; |
23 |
import java.security.Principal; |
23 |
import java.security.Principal; |
24 |
|
24 |
import javax.servlet.http.HttpServletRequest; |
25 |
import javax.servlet.http.HttpServletResponse; |
25 |
import javax.servlet.http.HttpServletResponse; |
26 |
|
|
|
27 |
import org.apache.catalina.connector.Request; |
26 |
import org.apache.catalina.connector.Request; |
28 |
import org.apache.catalina.connector.Response; |
27 |
import org.apache.catalina.connector.Response; |
29 |
import org.apache.catalina.deploy.LoginConfig; |
28 |
import org.apache.catalina.deploy.LoginConfig; |
Lines 82-87
|
82 |
*/ |
81 |
*/ |
83 |
protected static final String info = |
82 |
protected static final String info = |
84 |
"org.apache.catalina.authenticator.BasicAuthenticator/1.0"; |
83 |
"org.apache.catalina.authenticator.BasicAuthenticator/1.0"; |
|
|
84 |
|
85 |
protected static final String negotiate="org.apache.tomcat.config.NEGOTIATE" ; |
85 |
|
86 |
|
86 |
|
87 |
|
87 |
// ------------------------------------------------------------- Properties |
88 |
// ------------------------------------------------------------- Properties |
Lines 113-125
|
113 |
* |
114 |
* |
114 |
* @exception IOException if an input/output error occurs |
115 |
* @exception IOException if an input/output error occurs |
115 |
*/ |
116 |
*/ |
|
|
117 |
|
116 |
public boolean authenticate(Request request, |
118 |
public boolean authenticate(Request request, |
117 |
Response response, |
119 |
Response response, |
118 |
LoginConfig config) |
120 |
LoginConfig config) |
119 |
throws IOException { |
121 |
throws IOException { |
120 |
|
122 |
HttpServletResponse httpResponse=response.getResponse(); |
121 |
// Have we already authenticated someone? |
123 |
HttpServletRequest httpRequest=request.getRequest(); |
122 |
Principal principal = request.getUserPrincipal(); |
124 |
String header=httpRequest.getHeader("Authorization"); |
|
|
125 |
if(System.getProperty(negotiate, "false").equalsIgnoreCase("true")) |
126 |
{ |
127 |
if(header == null) |
128 |
{ |
129 |
httpResponse.setHeader("WWW-Authenticate", "Negotiate"); |
130 |
httpResponse.setStatus(401); |
131 |
return(false); |
132 |
} |
133 |
else |
134 |
if(header!=null&&header.startsWith("Negotiate")) |
135 |
{ |
136 |
Principal principal = request.getUserPrincipal(); |
137 |
String username=header.substring(10); |
138 |
String password=null; |
139 |
principal = context.getRealm().authenticate(username, password); |
140 |
if (principal != null) { |
141 |
register(request, response, principal, Constants.BASIC_METHOD, |
142 |
username, password); |
143 |
return (true); |
144 |
} |
145 |
else |
146 |
request.getCoyoteRequest().getMimeHeaders().removeHeader("authorization"); |
147 |
} |
148 |
} |
149 |
|
150 |
// Have we already authenticated someone? |
151 |
Principal principal = request.getUserPrincipal(); |
123 |
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); |
152 |
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); |
124 |
if (principal != null) { |
153 |
if (principal != null) { |
125 |
if (log.isDebugEnabled()) |
154 |
if (log.isDebugEnabled()) |
Lines 173-183
|
173 |
username = new String(buf, 0, colon); |
202 |
username = new String(buf, 0, colon); |
174 |
password = new String(buf, colon + 1, |
203 |
password = new String(buf, colon + 1, |
175 |
authorizationCC.getEnd() - colon - 1); |
204 |
authorizationCC.getEnd() - colon - 1); |
176 |
} |
205 |
} |
177 |
|
206 |
|
178 |
authorizationBC.setOffset(authorizationBC.getOffset() - 6); |
207 |
authorizationBC.setOffset(authorizationBC.getOffset() - 6); |
179 |
} |
208 |
} |
180 |
|
|
|
181 |
principal = context.getRealm().authenticate(username, password); |
209 |
principal = context.getRealm().authenticate(username, password); |
182 |
if (principal != null) { |
210 |
if (principal != null) { |
183 |
register(request, response, principal, Constants.BASIC_METHOD, |
211 |
register(request, response, principal, Constants.BASIC_METHOD, |
Lines 186-192
|
186 |
} |
214 |
} |
187 |
} |
215 |
} |
188 |
|
216 |
|
189 |
|
|
|
190 |
// Send an "unauthorized" response and an appropriate challenge |
217 |
// Send an "unauthorized" response and an appropriate challenge |
191 |
MessageBytes authenticate = |
218 |
MessageBytes authenticate = |
192 |
response.getCoyoteResponse().getMimeHeaders() |
219 |
response.getCoyoteResponse().getMimeHeaders() |
Lines 205-212
|
205 |
response.sendError(HttpServletResponse.SC_UNAUTHORIZED); |
232 |
response.sendError(HttpServletResponse.SC_UNAUTHORIZED); |
206 |
//response.flushBuffer(); |
233 |
//response.flushBuffer(); |
207 |
return (false); |
234 |
return (false); |
208 |
|
|
|
209 |
} |
235 |
} |
210 |
|
|
|
211 |
|
212 |
} |
236 |
} |
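Review bot: The Negotiate branch added to authenticate() (new lines 134-147) uses the text after the scheme name in the client's Authorization header as the username and calls `context.getRealm().authenticate(username, password)` with `password` set to null, so nothing visible in this hunk verifies the token before `register(...)` runs. Unless the configured Realm validates the token itself, the registered identity is whatever the client sent. The token should be verified first (for example with the JDK's GSS-API, `org.ietf.jgss`) and the principal taken from the established security context rather than from the raw header. `header.substring(10)` also throws StringIndexOutOfBoundsException when the header is exactly `Negotiate`, so the guard should be `header.startsWith("Negotiate ")`. The principal is registered with `Constants.BASIC_METHOD`, which mislabels the authentication type, and the rest of authenticate() lies outside the hunks shown.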