From: markt Date: Fri, 11 Dec 2009 13:12:57 +0000 (+0000) Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537 X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=ce632f60e6bade0096fbf59dcabc88aa15931925;p=tomcat7.0 Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47537 Return an error page if a forward during form auth fails rather than a zero length 200 response. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@889606 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java index 07ade7a20..0cf369cb5 100644 --- a/java/org/apache/catalina/authenticator/FormAuthenticator.java +++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java @@ -30,6 +30,7 @@ import javax.servlet.RequestDispatcher; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Globals; import org.apache.catalina.Realm; import org.apache.catalina.Session; import org.apache.catalina.connector.Request; 
@@ -307,16 +308,24 @@ public class FormAuthenticator * @param response Response we are populating * @param config Login configuration describing how authentication * should be performed + * @throws IOException If the forward to the login page fails and the call + * to {@link HttpServletResponse#sendError(int, String) + * throws an {@link IOException} */ protected void forwardToLoginPage(Request request, - HttpServletResponse response, LoginConfig config) { + HttpServletResponse response, LoginConfig config) + throws IOException { RequestDispatcher disp = context.getServletContext().getRequestDispatcher (config.getLoginPage()); try { disp.forward(request.getRequest(), response); } catch (Throwable t) { - log.warn("Unexpected error forwarding to login page", t); + String msg = sm.getString("formAuthenticator.forwardLoginFail"); + log.warn(msg, t); + request.setAttribute(Globals.EXCEPTION_ATTR, t); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + msg); } } @@ -328,16 +337,24 @@ public class FormAuthenticator * @param response Response we are populating * @param config Login configuration describing how authentication * should be performed + * @throws IOException If the forward to the error page fails and the call + * to {@link HttpServletResponse#sendError(int, String) + * throws an {@link IOException} */ protected void forwardToErrorPage(Request request, - HttpServletResponse response, LoginConfig config) { + HttpServletResponse response, LoginConfig config) + throws IOException { RequestDispatcher disp = context.getServletContext().getRequestDispatcher (config.getErrorPage()); try { disp.forward(request.getRequest(), response); } catch (Throwable t) { - log.warn("Unexpected error forwarding to error page", t); + String msg = sm.getString("formAuthenticator.forwardErrorFail"); + log.warn(msg, t); + request.setAttribute(Globals.EXCEPTION_ATTR, t); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + msg); } } 
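Review bot: In the `catch (Throwable t)` block of forwardToLoginPage, and identically in forwardToErrorPage in the following hunk, `response.sendError(...)` is called without checking whether the failed forward had already committed the response. The Servlet API specifies an IllegalStateException in that case, so a login page that fails after flushing part of its output would produce an unchecked exception from the handler instead of the documented IOException. Guarding the call as `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, msg); }` keeps the warning logged and avoids that. Since this path is reachable before authentication, it is also worth confirming that whatever renders the 500 does not echo the throwable stored under `Globals.EXCEPTION_ATTR` back to the client; that rendering is outside these hunks. The Javadoc blocks begin outside the hunks, and within them the added `{@link HttpServletResponse#sendError(int, String)` is missing its closing brace in both methods.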
diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties b/java/org/apache/catalina/authenticator/LocalStrings.properties
index 7819f4294..e96e5ed1c 100644
--- a/java/org/apache/catalina/authenticator/LocalStrings.properties
+++ b/java/org/apache/catalina/authenticator/LocalStrings.properties
@@ -27,3 +27,6 @@ authenticator.requestBodyTooBig=The request body was too large to be cached duri
 authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
 authenticator.unauthorized=Cannot authenticate with the provided credentials
 authenticator.userDataConstraint=This request violates a User Data constraint for this application
+
+formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page
+formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page