Attachment 27825 Details for Bug 51940 – 2011-10-20_tc6_51940_v3.patch

[patch] 2011-10-20_tc6_51940_v3.patch

2011-10-20_tc6_51940_v3.patch (text/plain), 6.48 KB, created by Konstantin Kolinko on 2011-10-20 10:39:24 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Konstantin Kolinko

Created: 2011-10-20 10:39:24 UTC

Size: 6.48 KB

patch

obsolete

>Index: .
>===================================================================
>--- .	(revision 1186720)
>+++ .	(working copy)
>
>Property changes on: .
>___________________________________________________________________
>Modified: svn:mergeinfo
>   Merged /tomcat/trunk:r1181028,1181136,1186378,1186712
>Index: java/org/apache/catalina/authenticator/FormAuthenticator.java
>===================================================================
>--- java/org/apache/catalina/authenticator/FormAuthenticator.java	(revision 1186720)
>+++ java/org/apache/catalina/authenticator/FormAuthenticator.java	(working copy)
>@@ -315,6 +315,17 @@
>      */
>     protected void forwardToLoginPage(Request request, Response response,
>             LoginConfig config) throws IOException {
>+        
>+        if (log.isDebugEnabled()) {
>+            log.debug(sm.getString("formAuthenticator.forwardLogin",
>+                    request.getRequestURI(), request.getMethod(),
>+                    config.getLoginPage(), context.getName()));
>+        }
>+
>+        // Always use GET for the login page, regardless of the method used
>+        String oldMethod = request.getCoyoteRequest().method().toString();
>+        request.getCoyoteRequest().method().setString("GET");
>+
>         RequestDispatcher disp =
>             context.getServletContext().getRequestDispatcher
>             (config.getLoginPage());
>@@ -327,6 +338,9 @@
>             request.setAttribute(Globals.EXCEPTION_ATTR, t);
>             response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
>                     msg);
>+        } finally {
>+            // Restore original method so that it is written into access log
>+            request.getCoyoteRequest().method().setString(oldMethod);
>         }
>     }
> 
>@@ -418,10 +432,11 @@
>             request.addCookie((Cookie) cookies.next());
>         }
> 
>+        String method = saved.getMethod();
>         MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
>         rmh.recycle();
>-        boolean cachable = "GET".equalsIgnoreCase(saved.getMethod()) ||
>-                           "HEAD".equalsIgnoreCase(saved.getMethod());
>+        boolean cachable = "GET".equalsIgnoreCase(method) ||
>+                           "HEAD".equalsIgnoreCase(method);
>         Iterator names = saved.getHeaderNames();
>         while (names.hasNext()) {
>             String name = (String) names.next();
>@@ -447,27 +462,25 @@
>         request.getCoyoteRequest().getParameters().setQueryStringEncoding(
>                 request.getConnector().getURIEncoding());
> 
>-        if ("POST".equalsIgnoreCase(saved.getMethod())) {
>-            ByteChunk body = saved.getBody();
>+        ByteChunk body = saved.getBody();
>+
>+        if (body != null) {
>+            request.getCoyoteRequest().action
>+                (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
>+
>+            // Set content type
>+            MessageBytes contentType = MessageBytes.newInstance();
>             
>-            if (body != null) {
>-                request.getCoyoteRequest().action
>-                    (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
>-    
>-                // Set content type
>-                MessageBytes contentType = MessageBytes.newInstance();
>-                
>-                //If no content type specified, use default for POST
>-                String savedContentType = saved.getContentType();
>-                if (savedContentType == null) {
>-                    savedContentType = "application/x-www-form-urlencoded";
>-                }
>+            //If no content type specified, use default for POST
>+            String savedContentType = saved.getContentType();
>+            if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
>+                savedContentType = "application/x-www-form-urlencoded";
>+            }
> 
>-                contentType.setString(savedContentType);
>-                request.getCoyoteRequest().setContentType(contentType);
>-            }
>+            contentType.setString(savedContentType);
>+            request.getCoyoteRequest().setContentType(contentType);
>         }
>-        request.getCoyoteRequest().method().setString(saved.getMethod());
>+        request.getCoyoteRequest().method().setString(method);
> 
>         request.getCoyoteRequest().queryString().setString
>             (saved.getQueryString());
>@@ -511,20 +524,22 @@
>             saved.addLocale(locale);
>         }
> 
>-        if ("POST".equalsIgnoreCase(request.getMethod())) {
>-            // May need to acknowledge a 100-continue expectation
>-            request.getResponse().sendAcknowledgement();
>+        // May need to acknowledge a 100-continue expectation
>+        request.getResponse().sendAcknowledgement();
> 
>-            ByteChunk body = new ByteChunk();
>-            body.setLimit(request.getConnector().getMaxSavePostSize());
>+        ByteChunk body = new ByteChunk();
>+        body.setLimit(request.getConnector().getMaxSavePostSize());
> 
>-            byte[] buffer = new byte[4096];
>-            int bytesRead;
>-            InputStream is = request.getInputStream();
>-        
>-            while ( (bytesRead = is.read(buffer) ) >= 0) {
>-                body.append(buffer, 0, bytesRead);
>-            }
>+        byte[] buffer = new byte[4096];
>+        int bytesRead;
>+        InputStream is = request.getInputStream();
>+    
>+        while ( (bytesRead = is.read(buffer) ) >= 0) {
>+            body.append(buffer, 0, bytesRead);
>+        }
>+
>+        // Only save the request body if there is something to save
>+        if (body.getLength() > 0) {
>             saved.setContentType(request.getContentType());
>             saved.setBody(body);
>         }
>Index: java/org/apache/catalina/authenticator/LocalStrings.properties
>===================================================================
>--- java/org/apache/catalina/authenticator/LocalStrings.properties	(revision 1186720)
>+++ java/org/apache/catalina/authenticator/LocalStrings.properties	(working copy)
>@@ -31,4 +31,5 @@
> digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
>  
> formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
>+formAuthenticator.forwardLogin=Forwarding request for [{0}] made with method [{1}] to login page [{2}] of context [{3}] using request method GET  
> formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page

Actions: View | Diff

Attachments on bug 51940: 27729 | 27825