From 175f9b5c886345a4aaa5786c005a742fc97e6d3b Mon Sep 17 00:00:00 2001 From: maxcooper Date: Sat, 8 Feb 2003 08:52:43 +0000 Subject: [PATCH] fixed to allow unrestricted access to the login error page minor reformatting --- .../org/securityfilter/filter/SecurityFilter.java | 91 +++++++++++++--------- 1 file changed, 53 insertions(+), 38 deletions(-) diff --git a/src/share/org/securityfilter/filter/SecurityFilter.java b/src/share/org/securityfilter/filter/SecurityFilter.java index a124f05..51f341f 100644 --- a/src/share/org/securityfilter/filter/SecurityFilter.java +++ b/src/share/org/securityfilter/filter/SecurityFilter.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.15 2003/01/18 07:18:08 dayash Exp $ - * $Revision: 1.15 $ - * $Date: 2003/01/18 07:18:08 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.16 2003/02/08 08:52:43 maxcooper Exp $ + * $Revision: 1.16 $ + * $Date: 2003/02/08 08:52:43 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -77,7 +77,7 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author Torgeir Veimo (torgeir@pobox.com) - * @version $Revision: 1.15 $ $Date: 2003/01/18 07:18:08 $ + * @version $Revision: 1.16 $ $Date: 2003/02/08 08:52:43 $ */ public class SecurityFilter implements Filter { public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL"; 
@@ -122,10 +122,10 @@ public class SecurityFilter implements Filter { * @exception ServletException */ public void doFilter( - ServletRequest request, - ServletResponse response, - FilterChain chain - ) throws IOException, ServletException { + ServletRequest request, + ServletResponse response, + FilterChain chain + ) throws IOException, ServletException { HttpServletRequest hReq = (HttpServletRequest) request; HttpServletResponse hRes = (HttpServletResponse) response; @@ -166,8 +166,10 @@ public class SecurityFilter implements Filter { // match the login page or error page patterns -- this allows requests for the // login page and error pages to be viewed even when their URLs would otherwise // be subject to a security constraint - if (!patternMatcher.match(requestURL, loginPagePattern) - && !patternMatcher.match(requestURL, loginPagePattern)) { + if ( + !patternMatcher.match(requestURL, loginPagePattern) + && !patternMatcher.match(requestURL, errorPagePattern) + ) { // check if request matches security constraint match = matchPattern(requestURL, wrappedRequest.getMethod(), patternMatcher); } @@ -265,10 +267,10 @@ public class SecurityFilter implements Filter { WebResourceCollection resourceCollection = (WebResourceCollection) rIter.next(); for (Iterator pIter = resourceCollection.getURLPatterns().iterator(); pIter.hasNext();) { URLPattern pattern = patternFactory.createURLPattern( - (String) pIter.next(), - constraint, - resourceCollection, - order++ + (String) pIter.next(), + constraint, + resourceCollection, + order++ ); patternList.add(pattern); } @@ -336,9 +338,9 @@ public class SecurityFilter implements Filter { * @exception ServletException */ protected void showLogin( - HttpServletRequest request, - HttpServletResponse response - ) throws IOException, ServletException { + HttpServletRequest request, + HttpServletResponse response + ) throws IOException, ServletException { // save this request saveRequestInformation(request); // redirect to login page 
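Review bot: The exemption in the `@@ -166,8 +166,10 @@` hunk of doFilter is decided on `requestURL` alone, and nothing visible here shows that value being normalized before it is matched against `loginPagePattern` and `errorPagePattern`. Any URL that matches either pattern skips `matchPattern` entirely, so confirm that `requestURL` is the same path the container dispatches on and that each pattern matches exactly one page. The existing comment could state the consequence, e.g. `// NOTE: URLs matching these two patterns bypass all security constraints; keep the patterns limited to the login and error pages`. Since the duplicated `loginPagePattern` operand went unnoticed until this commit, a test that requests the error page under a constraint covering it would pin the fix. doFilter's body starts and ends outside the hunk.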
@@ -385,9 +387,9 @@ public class SecurityFilter implements Filter { * @exception ServletException */ protected void processLogin( - SecurityRequestWrapper request, - HttpServletResponse response - ) throws IOException, ServletException { + SecurityRequestWrapper request, + HttpServletResponse response + ) throws IOException, ServletException { String username = request.getParameter(FORM_USERNAME); String password = request.getParameter(FORM_PASSWORD); if (basic && username == null && password == null) { @@ -510,9 +512,11 @@ public class SecurityFilter implements Filter { // this is done to support app servers like orion 1.5.2 // which have not implemented the servlet 2.3 specification but have implemented the final draft of 2.3 spec. if (protocol.equals("HTTP/1.1")) { // todo: provide support for ftp, webdav protocol among others. - protocol = "http://"; - if (request.isSecure()) + if (request.isSecure()) { protocol = "https://"; + } else { + protocol = "http://"; + } } url = protocol + request.getServerName() + ":" + request.getServerPort() + request.getRequestURI(); } 
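Review bot: In the `@@ -510,9 +512,11 @@` hunk, `protocol` is only rewritten when it equals `"HTTP/1.1"`, so for any other value (presumably an HTTP/1.0 request, if `protocol` comes from `request.getProtocol()`; the assignment is outside the hunk) the raw protocol string is concatenated into `url` and the result is not a usable URL. Choosing the scheme unconditionally, `protocol = request.isSecure() ? "https://" : "http://";`, would cover every case this branch can see. Separately, `request.getServerName()` normally reflects the client-supplied Host header, so if `url` is later used as a redirect target (its use is outside the hunk) it should be checked against the host names the application expects. The enclosing method starts outside the hunk.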
@@ -533,30 +537,41 @@ public class SecurityFilter implements Filter { } private String parseUsername(String authorization) { - String unencoded = getdecodedString(authorization); - if (unencoded == null) return null; - int colon = unencoded.indexOf(':'); - if (colon < 0) return (null); - return unencoded.substring(0, colon).trim(); + if (unencoded == null) { + return null; + } else { + int colon = unencoded.indexOf(':'); + if (colon < 0) { + return null; + } else { + return unencoded.substring(0, colon).trim(); + } + } } private String getdecodedString(String authorization) { - if (authorization == null) - return (null); - if (!authorization.toLowerCase().startsWith("basic ")) - return (null); - authorization = authorization.substring(6).trim(); - // Decode and parse the authorization credentials - return new String(base64Helper.decode(authorization.getBytes())); + if (authorization == null || !authorization.toLowerCase().startsWith("basic ")) { + return null; + } else { + authorization = authorization.substring(6).trim(); + // Decode and parse the authorization credentials + return new String(base64Helper.decode(authorization.getBytes())); + } } private String parsePassword(String authorization) { String unencoded = getdecodedString(authorization); - if (unencoded == null) return null; - int colon = unencoded.indexOf(':'); - if (colon < 0) return (null); - return unencoded.substring(colon + 1).trim(); + if (unencoded == null) { + return null; + } else { + int colon = unencoded.indexOf(':'); + if (colon < 0) { + return (null); + } else { + return unencoded.substring(colon + 1).trim(); + } + } } } -- 2.11.0
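Review bot: parseUsername in the new code reads `unencoded` without declaring it: the hunk removes `String unencoded = getdecodedString(authorization);` from this method and adds nothing in its place, while parsePassword keeps the same line as context. Unless a field of that name exists outside the hunk, the class no longer compiles, and if one does exist the username would be parsed from shared state rather than from this request's Authorization header. Restore the declaration as the first statement of the method, `String unencoded = getdecodedString(authorization);`. In getdecodedString, `toLowerCase()`, `getBytes()` and `new String(...)` depend on the default locale and platform charset, so the `"basic "` check and the decoded credentials can differ between hosts; passing an explicit locale and charset would make Basic authentication parsing deterministic.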