From 6321baf7f3170388abf70b588ffb7c8822bc968e Mon Sep 17 00:00:00 2001
From: maxcooper
Date: Thu, 7 Oct 2004 21:37:29 +0000
Subject: [PATCH] fixed an issue where SecurityFilter would not honor auth info unless it specifically asked for it
---
 .../securityfilter/authenticator/BasicAuthenticator.java | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
index e9510c0..2e94b74 100644
--- a/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
+++ b/src/share/org/securityfilter/authenticator/BasicAuthenticator.java
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.5 2004/01/26 09:19:10 maxcooper Exp $
- * $Revision: 1.5 $
- * $Date: 2004/01/26 09:19:10 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.6 2004/10/07 21:37:29 maxcooper Exp $
+ * $Revision: 1.6 $
+ * $Date: 2004/10/07 21:37:29 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -70,7 +70,7 @@ import java.security.Principal;
 *
 * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
 * @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.5 $ $Date: 2004/01/26 09:19:10 $
+ * @version $Revision: 1.6 $ $Date: 2004/10/07 21:37:29 $
 */
 public class BasicAuthenticator implements Authenticator {
 public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS";
@@ -81,7 +81,6 @@ public class BasicAuthenticator implements Authenticator {
 protected SecurityRealmInterface realm;
 protected String realmName;
- protected Base64 base64Helper;
 /**
 * Initialize this Authenticator.
@@ -92,7 +91,6 @@ public class BasicAuthenticator implements Authenticator {
 public void init(FilterConfig filterConfig, SecurityConfig securityConfig) throws Exception {
 realm = securityConfig.getRealm();
 realmName = securityConfig.getRealmName();
- base64Helper = new Base64();
 }
 /**
@@ -118,7 +116,7 @@ public class BasicAuthenticator implements Authenticator {
 // attempt to dig out authentication info only if the user has not yet been authenticated
 String authorizationHeader = request.getHeader("Authorization");
 HttpSession session = request.getSession();
- if (authorizationHeader != null && session.getAttribute(LOGIN_ATTEMPTS) != null) {
+ if (authorizationHeader != null) {
 String decoded = decodeBasicAuthorizationString(authorizationHeader);
 String username = parseUsername(decoded);
 String password = parsePassword(decoded);
@@ -127,7 +125,7 @@ public class BasicAuthenticator implements Authenticator {
 // login successful
 request.getSession().removeAttribute(LOGIN_ATTEMPTS);
 request.setUserPrincipal(principal);
- } else {
+ } else if (session.getAttribute(LOGIN_ATTEMPTS) != null) {
 // login failed
 // show the basic authentication window again.
 showLogin(request.getCurrentRequest(), response);
@@ -244,7 +242,7 @@ public class BasicAuthenticator implements Authenticator {
 } else {
 authorization = authorization.substring(6).trim();
 // Decode and parse the authorization credentials
- return new String(base64Helper.decodeBase64(authorization.getBytes()));
+ return new String(Base64.decodeBase64(authorization.getBytes()));
 }
 }
 }
--
2.11.0
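Review bot: In the hunk at `@@ -118,7 +116,7 @@`, the new `if (authorizationHeader != null)` passes any `Authorization` header on a not-yet-authenticated request to `decodeBasicAuthorizationString`, including schemes other than Basic that this filter never challenged for. The decoded value then goes straight into `parseUsername` and `parsePassword`; the hunk at `@@ -244,7 +242,7 @@` shows the decoder has a separate branch before its `else`, but what that branch returns is outside the diff, so a null or empty result needs to be confirmed safe here. I would check the scheme before decoding, for example `if (authorizationHeader != null && authorizationHeader.regionMatches(true, 0, "Basic ", 0, 6)) {`, and skip the authentication attempt when `decoded` is null. The enclosing method starts and ends outside the hunk.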
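Review bot: In the hunk at `@@ -127,7 +125,7 @@`, a failed authentication on a session without the `LOGIN_ATTEMPTS` attribute now matches neither branch, so wrong credentials sent without a prior challenge are dropped with no log entry and no attempt recorded. If `LOGIN_ATTEMPTS` is what bounds retries (its counting logic is outside the diff), these failures are not counted against it and leave nothing for monitoring to pick up. I would add a final `else` that records the failure, with the username and remote address but never the password, and consider tracking failures per account rather than per session. The `if` that decides success sits between this hunk and the previous one and is not shown.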
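Review bot: The new line in the hunk at `@@ -244,7 +242,7 @@` still converts with the platform default charset in both directions (`authorization.getBytes()` and `new String(byte[])`), so a username or password containing non-ASCII characters can decode differently depending on the JVM's locale and then mismatch at the realm. Name the charset on both calls, e.g. `new String(Base64.decodeBase64(authorization.getBytes("US-ASCII")), "UTF-8")`, choosing the decoding charset to match what the realm expects, and handle the `UnsupportedEncodingException` those overloads declare. The method's signature and its first branch are outside the hunk.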