import java.io.IOException;
import java.security.Principal;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
* @exception IOException if an input/output error occurs
*/
- public boolean authenticate(Request request, Response response,
+ public boolean authenticate(Request request, HttpServletResponse response,
LoginConfig config) throws IOException;
/**
* SSO sessions.
*
* @param request The servlet request we are processing
- * @param response The servlet response we are generating
+ * @param response The servlet response we are populating
* @param principal The authenticated Principal to be registered
* @param authType The authentication type to be registered
* @param username Username used to authenticate (if any)
* @param password Password used to authenticate (if any)
*/
- public void register(Request request, Response response,
+ public void register(Request request, HttpServletResponse response,
Principal principal, String authType,
String username, String password);
}
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
*/
protected static final int SESSION_ID_BYTES = 16;
+ /**
+ * Authentication header
+ */
+ protected static final String AUTH_HEADER_NAME = "WWW-Authenticate";
/**
* The message digest algorithm to be used when generating session
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
* @exception IOException if an input/output error occurs
*/
public abstract boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException;
* @param username Username used to authenticate (if any)
* @param password Password used to authenticate (if any)
*/
- public void register(Request request, Response response,
+ public void register(Request request, HttpServletResponse response,
Principal principal, String authType,
String username, String password) {
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.Base64;
import org.apache.juli.logging.Log;
extends AuthenticatorBase {
private static final Log log = LogFactory.getLog(BasicAuthenticator.class);
-
-
- /**
- * Authenticate bytes.
- */
- public static final byte[] AUTHENTICATE_BYTES = {
- (byte) 'W',
- (byte) 'W',
- (byte) 'W',
- (byte) '-',
- (byte) 'A',
- (byte) 'u',
- (byte) 't',
- (byte) 'h',
- (byte) 'e',
- (byte) 'n',
- (byte) 't',
- (byte) 'i',
- (byte) 'c',
- (byte) 'a',
- (byte) 't',
- (byte) 'e'
- };
-
-
// ----------------------------------------------------- Instance Variables
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
}
}
-
- // Send an "unauthorized" response and an appropriate challenge
- MessageBytes authenticate =
- response.getCoyoteResponse().getMimeHeaders()
- .addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);
- CharChunk authenticateCC = authenticate.getCharChunk();
- authenticateCC.append("Basic realm=\"");
+ StringBuilder value = new StringBuilder(16);
+ value.append("Basic realm=\"");
if (config.getRealmName() == null) {
- authenticateCC.append(request.getServerName());
- authenticateCC.append(':');
- authenticateCC.append(Integer.toString(request.getServerPort()));
+ value.append(request.getServerName());
+ value.append(':');
+ value.append(Integer.toString(request.getServerPort()));
} else {
- authenticateCC.append(config.getRealmName());
+ value.append(config.getRealmName());
}
- authenticateCC.append('\"');
- authenticate.toChars();
+ value.append('\"');
+ response.setHeader(AUTH_HEADER_NAME, value.toString());
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- //response.flushBuffer();
return (false);
}
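Review bot: The realm appended between the quotes in `value` is not escaped, and when `config.getRealmName()` is null it is built from `request.getServerName()`, which normally reflects the client-supplied Host header. A `"` or `\` in either source would end the quoted-string early, so the rest of the value could be parsed as additional challenge parameters. Escape both characters before appending, or fall back to a fixed realm string rather than the server name. The `"Digest realm=\"" + realmName` concatenation in `setAuthenticateHeader` has the same shape, though the origin of `realmName` is outside that hunk. `authenticate` itself starts above this hunk.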
import java.security.Principal;
import java.util.StringTokenizer;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.util.MD5Encoder;
import org.apache.juli.logging.Log;
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
* should be performed
* @param nOnce nonce token
*/
- protected void setAuthenticateHeader(Request request,
- Response response,
+ protected void setAuthenticateHeader(HttpServletRequest request,
+ HttpServletResponse response,
LoginConfig config,
String nOnce) {
String authenticateHeader = "Digest realm=\"" + realmName + "\", "
+ "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
+ md5Encoder.encode(buffer) + "\"";
- response.setHeader("WWW-Authenticate", authenticateHeader);
+ response.setHeader(AUTH_HEADER_NAME, authenticateHeader);
}
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
* Called to forward to the login page
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*/
- protected void forwardToLoginPage(Request request, Response response, LoginConfig config) {
+ protected void forwardToLoginPage(Request request,
+ HttpServletResponse response, LoginConfig config) {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getLoginPage());
try {
- disp.forward(request.getRequest(), response.getResponse());
- response.finishResponse();
+ disp.forward(request.getRequest(), response);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to login page", t);
}
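Review bot: When `disp.forward(request.getRequest(), response)` throws, the catch block only logs, so the client may be left with an empty response carrying whatever status was set before the failure. After the `log.warn` call, consider `if (!response.isCommitted()) response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` so a broken login page is visible as a server error. Catching `Throwable` also swallows `VirtualMachineError`; `catch (Exception e)` would cover what a forward is expected to throw. `forwardToErrorPage` has the same catch block, and the end of this method lies outside the hunk.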
* Called to forward to the error page
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*/
- protected void forwardToErrorPage(Request request, Response response, LoginConfig config) {
+ protected void forwardToErrorPage(Request request,
+ HttpServletResponse response, LoginConfig config) {
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher
(config.getErrorPage());
try {
- disp.forward(request.getRequest(), response.getResponse());
+ disp.forward(request.getRequest(), response);
} catch (Throwable t) {
log.warn("Unexpected error forwarding to error page", t);
}
import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
* created a response challenge already.
*
* @param request Request we are processing
- * @param response Response we are creating
+ * @param response Response we are populating
* @param config Login configuration describing how authentication
* should be performed
*
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
*/
@Override
public boolean authenticate(Request request,
- Response response,
+ HttpServletResponse response,
LoginConfig config)
throws IOException {
import javax.servlet.http.HttpSession;
import javax.servlet.http.Part;
-import org.apache.catalina.Authenticator;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.Host;
sm.getString("coyoteRequest.authenticate.ise"));
}
- // TODO SERVLET3
- return false;
+ LoginConfig config = context.getLoginConfig();
+
+ if (config == null) {
+ throw new ServletException(
+ sm.getString("coyoteRequest.noLoginConfig"));
+ }
+ return context.getAuthenticator().authenticate(this, response, config);
}
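Review bot: `context.getAuthenticator()` is dereferenced on the new `return` line without a null check, although the `LoginConfig` just above gets one. If a context can carry a login configuration with no authenticator installed (not visible here), the caller sees a NullPointerException rather than the `ServletException` this method otherwise throws. A guard of the form `if (context.getAuthenticator() == null) throw new ServletException(...);` with its own message key would keep the failure mode consistent. The method begins outside the hunk.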
/**
sm.getString("coyoteRequest.alreadyAuthenticated"));
}
- if (context.getLoginConfig() == null) {
+ LoginConfig config = context.getLoginConfig();
+ if (config == null) {
throw new ServletException(
sm.getString("coyoteRequest.noLoginConfig"));
}
- String authMethod = context.getLoginConfig().getAuthMethod();
+ String authMethod = config.getAuthMethod();
if (BASIC_AUTH.equals(authMethod) || FORM_AUTH.equals(authMethod) ||
DIGEST_AUTH.equals(authMethod)) {
// Methods support user name and password authentication