
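--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -315,6 +315,17 @@
      */
     protected void forwardToLoginPage(Request request, Response response,
             LoginConfig config) throws IOException {
+        
+        if (log.isDebugEnabled()) {
+            log.debug(sm.getString("formAuthenticator.forwardLogin",
+                    request.getRequestURI(), request.getMethod(),
+                    config.getLoginPage(), context.getName()));
+        }
+
+        // Always use GET for the login page, regardless of the method used
+        String oldMethod = request.getCoyoteRequest().method().toString();
+        request.getCoyoteRequest().method().setString("GET");
+
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getLoginPage());
@@ -327,6 +338,9 @@
             request.setAttribute(Globals.EXCEPTION_ATTR, t);
             response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                     msg);
+        } finally {
+            // Restore original method so that it is written into access log
+            request.getCoyoteRequest().method().setString(oldMethod);
         }
     }
 
@@ -418,10 +432,11 @@
             request.addCookie((Cookie) cookies.next());
         }
 
+        String method = saved.getMethod();
         MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
         rmh.recycle();
-        boolean cachable = "GET".equalsIgnoreCase(saved.getMethod()) ||
-                           "HEAD".equalsIgnoreCase(saved.getMethod());
+        boolean cachable = "GET".equalsIgnoreCase(method) ||
+                           "HEAD".equalsIgnoreCase(method);
         Iterator names = saved.getHeaderNames();
         while (names.hasNext()) {
             String name = (String) names.next();
@@ -447,27 +462,25 @@
         request.getCoyoteRequest().getParameters().setQueryStringEncoding(
                 request.getConnector().getURIEncoding());
 
-        if ("POST".equalsIgnoreCase(saved.getMethod())) {
-            ByteChunk body = saved.getBody();
+        ByteChunk body = saved.getBody();
+
+        if (body != null) {
+            request.getCoyoteRequest().action
+                (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
+
+            // Set content type
+            MessageBytes contentType = MessageBytes.newInstance();
             
-            if (body != null) {
-                request.getCoyoteRequest().action
-                    (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
-    
-                // Set content type
-                MessageBytes contentType = MessageBytes.newInstance();
-                
-                //If no content type specified, use default for POST
-                String savedContentType = saved.getContentType();
-                if (savedContentType == null) {
-                    savedContentType = "application/x-www-form-urlencoded";
-                }
+            //If no content type specified, use default for POST
+            String savedContentType = saved.getContentType();
+            if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
+                savedContentType = "application/x-www-form-urlencoded";
+            }
 
-                contentType.setString(savedContentType);
-                request.getCoyoteRequest().setContentType(contentType);
-            }
+            contentType.setString(savedContentType);
+            request.getCoyoteRequest().setContentType(contentType);
         }
-        request.getCoyoteRequest().method().setString(saved.getMethod());
+        request.getCoyoteRequest().method().setString(method);
 
         request.getCoyoteRequest().queryString().setString
             (saved.getQueryString());
@@ -511,20 +524,22 @@
             saved.addLocale(locale);
         }
 
-        if ("POST".equalsIgnoreCase(request.getMethod())) {
-            // May need to acknowledge a 100-continue expectation
-            request.getResponse().sendAcknowledgement();
+        // May need to acknowledge a 100-continue expectation
+        request.getResponse().sendAcknowledgement();
 
-            ByteChunk body = new ByteChunk();
-            body.setLimit(request.getConnector().getMaxSavePostSize());
+        ByteChunk body = new ByteChunk();
+        body.setLimit(request.getConnector().getMaxSavePostSize());
 
-            byte[] buffer = new byte[4096];
-            int bytesRead;
-            InputStream is = request.getInputStream();
-        
-            while ( (bytesRead = is.read(buffer) ) >= 0) {
-                body.append(buffer, 0, bytesRead);
-            }
+        byte[] buffer = new byte[4096];
+        int bytesRead;
+        InputStream is = request.getInputStream();
+    
+        while ( (bytesRead = is.read(buffer) ) >= 0) {
+            body.append(buffer, 0, bytesRead);
+        }
+
+        // Only save the request body if there is something to save
+        if (body.getLength() > 0) {
             saved.setContentType(request.getContentType());
             saved.setBody(body);
         }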
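Review bot: In the last hunk (new lines 527-545) the request body is now read and buffered for every HTTP method before the caller has authenticated, where the old code did so only for POST, so `body.setLimit(request.getConnector().getMaxSavePostSize())` becomes the only cap on what an unauthenticated client can have held in the saved request. What happens when a body exceeds that limit, or when the connector configures the limit as unlimited, is decided inside ByteChunk.append and the connector settings, neither of which is visible here, so an oversized PUT against a protected resource deserves its own test. I would record the dependency next to the limit, for example `// Body is buffered before authentication for all methods; maxSavePostSize is the only bound on its size`. The setting's name still says "Post" although it now governs every method, which is worth a sentence in the connector documentation. The enclosing method starts above this hunk and is not fully visible.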
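--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -31,4 +31,5 @@
 digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
  
 formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
+formAuthenticator.forwardLogin=Forwarding request for [{0}] made with method [{1}] to login page [{2}] of context [{3}] using request method GET  
 formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page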

Return to bug 51940