ASF Bugzilla – Attachment 27825 Details for
Bug 51940
Form Authentication Valve should restore request body on PUT method
[patch]
2011-10-20_tc6_51940_v3.patch
2011-10-20_tc6_51940_v3.patch (text/plain), 6.48 KB, created by
Konstantin Kolinko
on 2011-10-20 10:39:24 UTC
Description:
2011-10-20_tc6_51940_v3.patch
Filename:
MIME Type:
Creator:
Konstantin Kolinko
Created:
2011-10-20 10:39:24 UTC
Size:
6.48 KB
>Index: .
>===================================================================
>--- . (revision 1186720)
>+++ . (working copy)
>
>Property changes on: .
>___________________________________________________________________
>Modified: svn:mergeinfo
> Merged /tomcat/trunk:r1181028,1181136,1186378,1186712
>Index: java/org/apache/catalina/authenticator/FormAuthenticator.java
>===================================================================
>--- java/org/apache/catalina/authenticator/FormAuthenticator.java (revision 1186720)
>+++ java/org/apache/catalina/authenticator/FormAuthenticator.java (working copy)
>@@ -315,6 +315,17 @@
> */
> protected void forwardToLoginPage(Request request, Response response,
> LoginConfig config) throws IOException {
>+
>+ if (log.isDebugEnabled()) {
>+ log.debug(sm.getString("formAuthenticator.forwardLogin",
>+ request.getRequestURI(), request.getMethod(),
>+ config.getLoginPage(), context.getName()));
>+ }
>+
>+ // Always use GET for the login page, regardless of the method used
>+ String oldMethod = request.getCoyoteRequest().method().toString();
>+ request.getCoyoteRequest().method().setString("GET");
>+
> RequestDispatcher disp =
> context.getServletContext().getRequestDispatcher
> (config.getLoginPage());
>@@ -327,6 +338,9 @@
> request.setAttribute(Globals.EXCEPTION_ATTR, t);
> response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
> msg);
>+ } finally {
>+ // Restore original method so that it is written into access log
>+ request.getCoyoteRequest().method().setString(oldMethod);
> }
> }
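Review bot: The GET override in the first FormAuthenticator hunk is applied before the `getRequestDispatcher(...)` lookup, while the `finally` that restores `oldMethod` (second hunk) belongs to a `try` that opens after the first hunk ends, so the lookup appears to run with the overridden method outside the protected region. If that call ever throws, the request would keep `GET` and the access log would record the wrong method for the original request, which matters when the log is relied on for audit or incident review. Moving `String oldMethod = ...` and `request.getCoyoteRequest().method().setString("GET");` to just inside the `try`, directly before the forward, keeps override and restore paired. The body of forwardToLoginPage between the two hunks is not visible, so the exact position of the `try` should be confirmed.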
>
>@@ -418,10 +432,11 @@
> request.addCookie((Cookie) cookies.next());
> }
>
>+ String method = saved.getMethod();
> MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
> rmh.recycle();
>- boolean cachable = "GET".equalsIgnoreCase(saved.getMethod()) ||
>- "HEAD".equalsIgnoreCase(saved.getMethod());
>+ boolean cachable = "GET".equalsIgnoreCase(method) ||
>+ "HEAD".equalsIgnoreCase(method);
> Iterator names = saved.getHeaderNames();
> while (names.hasNext()) {
> String name = (String) names.next();
>@@ -447,27 +462,25 @@
> request.getCoyoteRequest().getParameters().setQueryStringEncoding(
> request.getConnector().getURIEncoding());
>
>- if ("POST".equalsIgnoreCase(saved.getMethod())) {
>- ByteChunk body = saved.getBody();
>+ ByteChunk body = saved.getBody();
>+
>+ if (body != null) {
>+ request.getCoyoteRequest().action
>+ (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
>+
>+ // Set content type
>+ MessageBytes contentType = MessageBytes.newInstance();
>
>- if (body != null) {
>- request.getCoyoteRequest().action
>- (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
>-
>- // Set content type
>- MessageBytes contentType = MessageBytes.newInstance();
>-
>- //If no content type specified, use default for POST
>- String savedContentType = saved.getContentType();
>- if (savedContentType == null) {
>- savedContentType = "application/x-www-form-urlencoded";
>- }
>+ //If no content type specified, use default for POST
>+ String savedContentType = saved.getContentType();
>+ if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
>+ savedContentType = "application/x-www-form-urlencoded";
>+ }
>
>- contentType.setString(savedContentType);
>- request.getCoyoteRequest().setContentType(contentType);
>- }
>+ contentType.setString(savedContentType);
>+ request.getCoyoteRequest().setContentType(contentType);
> }
>- request.getCoyoteRequest().method().setString(saved.getMethod());
>+ request.getCoyoteRequest().method().setString(method);
>
> request.getCoyoteRequest().queryString().setString
> (saved.getQueryString());
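Review bot: With the POST check folded into the default assignment, a replayed non-POST body whose saved content type is null still reaches `contentType.setString(savedContentType)` and `setContentType(contentType)` with a null string. Whether MessageBytes tolerates a null value is not visible in this patch, so either guard the two calls with `if (savedContentType != null) {` or add a comment stating that a missing content type is deliberately propagated for methods other than POST. The existing comment `//If no content type specified, use default for POST` would be clearer if it said that the default applies only to POST and other methods keep whatever was saved. The enclosing method starts and ends outside the hunk.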
>@@ -511,20 +524,22 @@
> saved.addLocale(locale);
> }
>
>- if ("POST".equalsIgnoreCase(request.getMethod())) {
>- // May need to acknowledge a 100-continue expectation
>- request.getResponse().sendAcknowledgement();
>+ // May need to acknowledge a 100-continue expectation
>+ request.getResponse().sendAcknowledgement();
>
>- ByteChunk body = new ByteChunk();
>- body.setLimit(request.getConnector().getMaxSavePostSize());
>+ ByteChunk body = new ByteChunk();
>+ body.setLimit(request.getConnector().getMaxSavePostSize());
>
>- byte[] buffer = new byte[4096];
>- int bytesRead;
>- InputStream is = request.getInputStream();
>-
>- while ( (bytesRead = is.read(buffer) ) >= 0) {
>- body.append(buffer, 0, bytesRead);
>- }
>+ byte[] buffer = new byte[4096];
>+ int bytesRead;
>+ InputStream is = request.getInputStream();
>+
>+ while ( (bytesRead = is.read(buffer) ) >= 0) {
>+ body.append(buffer, 0, bytesRead);
>+ }
>+
>+ // Only save the request body if there is something to save
>+ if (body.getLength() > 0) {
> saved.setContentType(request.getContentType());
> saved.setBody(body);
> }
>Index: java/org/apache/catalina/authenticator/LocalStrings.properties
>===================================================================
>--- java/org/apache/catalina/authenticator/LocalStrings.properties (revision 1186720)
>+++ java/org/apache/catalina/authenticator/LocalStrings.properties (working copy)
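Review bot: Dropping the POST check means the body of any unauthenticated request, whatever its method, is now read in full and buffered into the saved request, bounded only by `body.setLimit(request.getConnector().getMaxSavePostSize())`. What `body.append` does once that limit is reached, and how a zero or negative limit behaves, is not visible in this hunk; that should be stated in a comment above the read loop, because the attribute name suggests it covers POST only while it now caps pre-authentication memory use for every method. `sendAcknowledgement()` is likewise now issued for all methods, so a client sending `Expect: 100-continue` is invited to upload its body before it has authenticated, and a one-line comment confirming that this is intended would help the next reader. The enclosing method begins outside the hunk.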
>@@ -31,4 +31,5 @@
> digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
>
> formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
>+formAuthenticator.forwardLogin=Forwarding request for [{0}] made with method [{1}] to login page [{2}] of context [{3}] using request method GET
> formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page