Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537

Return an error page if a forward during form auth fails rather than a zero length 200 response.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@889606 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 07ade7a..0cf369c 100644 (file)
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -30,6 +30,7 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.catalina.Globals;
 import org.apache.catalina.Realm;
 import org.apache.catalina.Session;
 import org.apache.catalina.connector.Request;
@@ -307,16 +308,24 @@ public class FormAuthenticator
      * @param response Response we are populating
      * @param config    Login configuration describing how authentication
      *              should be performed
+     * @throws IOException  If the forward to the login page fails and the call
+     *                      to {@link HttpServletResponse#sendError(int, String)
+     *                      throws an {@link IOException}
      */
     protected void forwardToLoginPage(Request request,
-            HttpServletResponse response, LoginConfig config) {
+            HttpServletResponse response, LoginConfig config)
+            throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getLoginPage());
         try {
             disp.forward(request.getRequest(), response);
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to login page", t);
+            String msg = sm.getString("formAuthenticator.forwardLoginFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 
@@ -328,16 +337,24 @@ public class FormAuthenticator
      * @param response Response we are populating
      * @param config    Login configuration describing how authentication
      *              should be performed
+     * @throws IOException  If the forward to the error page fails and the call
+     *                      to {@link HttpServletResponse#sendError(int, String)
+     *                      throws an {@link IOException}
      */
     protected void forwardToErrorPage(Request request,
-            HttpServletResponse response, LoginConfig config) {
+            HttpServletResponse response, LoginConfig config)
+            throws IOException {
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher
             (config.getErrorPage());
         try {
             disp.forward(request.getRequest(), response);
         } catch (Throwable t) {
-            log.warn("Unexpected error forwarding to error page", t);
+            String msg = sm.getString("formAuthenticator.forwardErrorFail");
+            log.warn(msg, t);
+            request.setAttribute(Globals.EXCEPTION_ATTR, t);
+            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    msg);
         }
     }
 

diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 7819f42..e96e5ed 100644 (file)
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -27,3 +27,6 @@ authenticator.requestBodyTooBig=The request body was too large to be cached duri
 authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
 authenticator.unauthorized=Cannot authenticate with the provided credentials
 authenticator.userDataConstraint=This request violates a User Data constraint for this application
+
+formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
+formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page