From: maxcooper Date: Mon, 27 Oct 2003 10:32:05 +0000 (+0000) Subject: FIXED bug #734184: support cookie-less browsing X-Git-Tag: rel-2_0-alpha1~30 X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=8f8711944b33f0993b1a7e062cdad0bc1db56cc5;p=securityfilter.git FIXED bug #734184: support cookie-less browsing --- diff --git a/src/share/org/securityfilter/authenticator/FormAuthenticator.java b/src/share/org/securityfilter/authenticator/FormAuthenticator.java index 2f80458..c5a6c72 100644 --- a/src/share/org/securityfilter/authenticator/FormAuthenticator.java +++ b/src/share/org/securityfilter/authenticator/FormAuthenticator.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.3 2003/10/25 12:43:21 maxcooper Exp $ - * $Revision: 1.3 $ - * $Date: 2003/10/25 12:43:21 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/FormAuthenticator.java,v 1.4 2003/10/27 10:32:05 maxcooper Exp $ + * $Revision: 1.4 $ + * $Date: 2003/10/27 10:32:05 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -68,7 +68,7 @@ import java.security.Principal; * FormAuthenticator - authenticator implementation for the FORM auth method. * * @author Max Cooper (max@maxcooper.com) - * @version $Revision: 1.3 $ $Date: 2003/10/25 12:43:21 $ + * @version $Revision: 1.4 $ $Date: 2003/10/27 10:32:05 $ */ public class FormAuthenticator implements Authenticator { @@ -179,7 +179,7 @@ public class FormAuthenticator implements Authenticator { SecurityFilter.saveRequestInformation(request); // redirect to login page - response.sendRedirect(request.getContextPath() + loginPage); + response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + loginPage)); return; } 
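Review bot: Wrapping the login redirect in `response.encodeRedirectURL(...)` means a client that refuses cookies gets its session id written into the login-page URL, and nothing in this hunk shows that id being replaced once the user authenticates. A session id carried in a URL can end up in server and proxy logs, browser history and Referer headers, so an id issued before login should not stay valid afterwards. If the login-processing code (outside this hunk) does not already start a fresh session on success, that is the place to add it, carrying over whatever `SecurityFilter.saveRequestInformation(request)` stored. At minimum, document the trade-off at the call site, e.g. `// URL rewriting exposes the session id in the URL; the session must be renewed after a successful login`. The enclosing method starts and ends outside the hunk.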
diff --git a/src/test/org/securityfilter/test/http/form/CookiesDisabledTest.java b/src/test/org/securityfilter/test/http/form/CookiesDisabledTest.java
new file mode 100644
index 0000000..e1cff2e
--- /dev/null
+++ b/src/test/org/securityfilter/test/http/form/CookiesDisabledTest.java
@@ -0,0 +1,83 @@
+/*
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/CookiesDisabledTest.java,v 1.1 2003/10/27 10:32:06 maxcooper Exp $
+ * $Revision: 1.1 $
+ * $Date: 2003/10/27 10:32:06 $
+ *
+ * ====================================================================
+ * The SecurityFilter Software License, Version 1.1
+ *
+ * (this license is derived and fully compatible with the Apache Software
+ * License - see http://www.apache.org/LICENSE.txt)
+ *
+ * Copyright (c) 2002 SecurityFilter.org. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by
+ * SecurityFilter.org (http://www.securityfilter.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The name "SecurityFilter" must not be used to endorse or promote
+ * products derived from this software without prior written permission.
+ * For written permission, please contact license@securityfilter.org .
+ *
+ * 5. Products derived from this software may not be called "SecurityFilter",
+ * nor may "SecurityFilter" appear in their name, without prior written
+ * permission of SecurityFilter.org.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ */
+
+package org.securityfilter.test.http.form;
+
+import org.securityfilter.test.http.TestBase;
+import org.securityfilter.example.Constants;
+
+/**
+ * CookiesDisabledTest - Test that login behavior works with cookies disabled.
+ *
+ * @author Max Cooper (max@maxcooper.com)
+ * @version $Revision: 1.1 $ $Date: 2003/10/27 10:32:06 $
+ */
+public class CookiesDisabledTest extends TestBase {
+ /**
+ * Constructor
+ *
+ * @param name
+ */
+ public CookiesDisabledTest(String name) {
+ super(name);
+ }
+
+ public void testNoCookieLogin() throws Exception {
+ // disable cookies
+ session.getClientProperties().setAcceptCookies(false);
+ // ensure that we get the secure page, loggin in on the way
+ assertPageTitleAfterLogin("/securePage.jsp", Constants.SECURE_TITLE);
+ }
+}
diff --git a/web/basic/menu.jsp b/web/basic/menu.jsp
index ac1c081..074c128 100644
--- a/web/basic/menu.jsp
+++ b/web/basic/menu.jsp
@@ -1,6 +1,6 @@
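Review bot: `testNoCookieLogin` asserts only the title of the page reached at the end, so on its own it cannot tell a cookie-less login from `/securePage.jsp` being served without any login at all. Whether `assertPageTitleAfterLogin` (in `TestBase`, not shown) fails when no login form is presented cannot be confirmed from this hunk. If it does not, add an assertion that the first response to the cookie-less request is the login form, before credentials are submitted. The intent would also be clearer with `// the client rejects the session cookie, so the session id must travel in rewritten URLs` in place of `// disable cookies`, and the constructor's `@param name` tag needs a description.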

Navigation Menu: [ -Home -| Secure Page -| Forbidden Secure Page +">Home +| ">Secure Page +| ">Forbidden Secure Page ]

diff --git a/web/catalina-example/menu.jsp b/web/catalina-example/menu.jsp index 3ec9a6f..c65b350 100644 --- a/web/catalina-example/menu.jsp +++ b/web/catalina-example/menu.jsp @@ -1,8 +1,8 @@

Navigation Menu: [ -Home -| Secure Page -| Forbidden Secure Page -| Direct Login -| Logout +">Home +| ">Secure Page +| ">Forbidden Secure Page +| ">Direct Login +| ">Logout ]

diff --git a/web/example/menu.jsp b/web/example/menu.jsp index 3ec9a6f..c65b350 100644 --- a/web/example/menu.jsp +++ b/web/example/menu.jsp @@ -1,8 +1,8 @@

Navigation Menu: [ -Home -| Secure Page -| Forbidden Secure Page -| Direct Login -| Logout +">Home +| ">Secure Page +| ">Forbidden Secure Page +| ">Direct Login +| ">Logout ]

diff --git a/web/share/index.jsp b/web/share/index.jsp index 6a1f05d..6f6b952 100644 --- a/web/share/index.jsp +++ b/web/share/index.jsp @@ -13,7 +13,8 @@ Welcome to the Security Filter example application. Use the menu above to naviga

POST to the Secure Page

This form POSTs to the Secure Page. By entering a value here and clicking the submit button below, you can verify that POSTed parameters are maintained through the login sequence. -
+" method="POST">
diff --git a/web/share/loginError.jsp b/web/share/loginError.jsp index 6bab944..09c8ce9 100644 --- a/web/share/loginError.jsp +++ b/web/share/loginError.jsp @@ -6,6 +6,6 @@

SecurityFilter Example Application: Login Error Page

<%@include file="/menu.jsp" %> -Bad username/password combination, please try again. +Bad username/password combination, please ">try again. \ No newline at end of file diff --git a/web/share/loginForm.jsp b/web/share/loginForm.jsp index 4ca85f4..34d37c4 100644 --- a/web/share/loginForm.jsp +++ b/web/share/loginForm.jsp @@ -14,7 +14,7 @@ Login with username=<%=Constants.VALID_USERNAME%> and password=<%=Constants.VALID_PASSWORD%>. -
+ Username: