Form auth does redirect with optional dispatch

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@102 7e9141cc-0065-0410-87d8-b60c137991c4
2009-04-03 07:18:00 +00:00 · 2009-04-03 07:18:00 +00:00 · a71d893d58
parent e0b2eb2306
commit a71d893d58
5 changed files with 45 additions and 18 deletions
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultUserIdentity.java
@ -67,5 +67,9 @@ public class DefaultUserIdentity implements UserIdentity
        return false;
    }

+    public String toString()
+    {
+        return DefaultUserIdentity.class.getSimpleName()+"('"+_userPrincipal+"')";
+    }
    
 }
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@ -287,6 +287,12 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
        {
            return true;
        }
+
+        /* -------------------------------------------------------- */
+        public String toString()
+        {
+            return _name;
+        }
    }
 }

--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@ -40,6 +40,7 @@ public class FormAuthenticator extends LoginAuthenticator
 {
    public final static String __FORM_LOGIN_PAGE="org.eclipse.jetty.security.form_login_page";
    public final static String __FORM_ERROR_PAGE="org.eclipse.jetty.security.form_error_page";
+    public final static String __FORM_DISPATCH="org.eclipse.jetty.security.dispatch";
    public final static String __J_URI = "org.eclipse.jetty.util.URI";
    public final static String __J_AUTHENTICATED = "org.eclipse.jetty.server.Auth";
    public final static String __J_SECURITY_CHECK = "/j_security_check";
@ -49,6 +50,7 @@ public class FormAuthenticator extends LoginAuthenticator
    private String _formErrorPath;
    private String _formLoginPage;
    private String _formLoginPath;
+    private boolean _dispatch;

    public FormAuthenticator()
    {
@ -77,10 +79,10 @@ public class FormAuthenticator extends LoginAuthenticator
        String error=configuration.getInitParameter(FormAuthenticator.__FORM_ERROR_PAGE);
        if (error!=null)
            setErrorPage(error);
+        String dispatch=configuration.getInitParameter(FormAuthenticator.__FORM_DISPATCH);
+        _dispatch=dispatch!=null && Boolean.getBoolean(dispatch);
    }

-
-
    public String getAuthMethod()
    {
        return Constraint.__FORM_AUTH;
@ -168,13 +170,18 @@ public class FormAuthenticator extends LoginAuthenticator
                    if (response != null) 
                        response.sendError(HttpServletResponse.SC_FORBIDDEN);
                }
-                else
+                else if (_dispatch)
                {
                    RequestDispatcher dispatcher = request.getRequestDispatcher(_formErrorPage);
                    response.setHeader(HttpHeaders.CACHE_CONTROL,"No-cache");
                    response.setDateHeader(HttpHeaders.EXPIRES,1);
                    dispatcher.forward(request, response);
                }
+                else
+                {
+                    response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formErrorPage));
+                }
+                
                // TODO is this correct response if isMandatory false??? Can
                // that occur?
                return DefaultAuthentication.SEND_FAILURE_RESULTS;
@ -195,10 +202,19 @@ public class FormAuthenticator extends LoginAuthenticator
                                          + ":"
                                          + request.getServerPort()
                                          + URIUtil.addPaths(request.getContextPath(), uri));
-            RequestDispatcher dispatcher = request.getRequestDispatcher(_formLoginPage);
-            response.setHeader(HttpHeaders.CACHE_CONTROL,"No-cache");
-            response.setDateHeader(HttpHeaders.EXPIRES,1);
-            dispatcher.forward(request, response);
+            
+            if (_dispatch)
+            {
+                RequestDispatcher dispatcher = request.getRequestDispatcher(_formLoginPage);
+                response.setHeader(HttpHeaders.CACHE_CONTROL,"No-cache");
+                response.setDateHeader(HttpHeaders.EXPIRES,1);
+                dispatcher.forward(request, response);
+            }
+            else
+            {
+                response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formLoginPage));
+            }
+            
            return DefaultAuthentication.SEND_CONTINUE_RESULTS;
        }
        catch (IOException e)
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@ -249,9 +249,13 @@ public class ConstraintTest extends TestCase

        _connector.reopen();
        response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
+        assertTrue(response.indexOf(" 302 Found") > 0);
+        assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
+        /* if dispatch
        assertTrue(response.indexOf("Cache-Control: no-cache") > 0);
        assertTrue(response.indexOf("Expires") > 0);
        assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0);
+        */

        String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

@ -262,10 +266,8 @@ public class ConstraintTest extends TestCase
                "Content-Length: 31\r\n" +
                "\r\n" +
                "j_username=user&j_password=wrong\r\n");
-        //TODO we are forwarded to the error page now.  Is there any way to verify the contents?
-        assertTrue(response.startsWith("HTTP/1.1 200 "));
-//        assertTrue(response.indexOf("Location") > 0);
-//        assertTrue(response.indexOf("testErrorPage") > 0);
+          assertTrue(response.indexOf("Location") > 0);
+          assertTrue(response.indexOf("testErrorPage") > 0);


        _connector.reopen();
@ -386,8 +388,9 @@ public class ConstraintTest extends TestCase

        _connector.reopen();
        response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
-//        assertTrue(response.startsWith("HTTP/1.1 302 "));
-//        assertTrue(response.indexOf("testLoginPage") > 0);
+        assertTrue(response.indexOf(" 302 Found") > 0);
+        assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
+        
        String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

        _connector.reopen();
@ -397,10 +400,8 @@ public class ConstraintTest extends TestCase
                "Content-Length: 31\r\n" +
                "\r\n" +
                "j_username=user&j_password=wrong\r\n");
-        //TODO we are forwarded to the error page now.  Is there any way to verify the contents?
-        assertTrue(response.startsWith("HTTP/1.1 200 "));
-//        assertTrue(response.indexOf("Location") > 0);
-//        assertTrue(response.indexOf("testErrorPage") > 0);
+        assertTrue(response.indexOf("Location") > 0);
+        assertTrue(response.indexOf("testErrorPage") > 0);


        _connector.reopen();
--- a/jetty-test-webapp/src/test/java/org/eclipse/jetty/DemoServer.java
+++ b/jetty-test-webapp/src/test/java/org/eclipse/jetty/DemoServer.java
@ -13,7 +13,7 @@ public class DemoServer
        Server server = new Server(8080);
        
        WebAppContext context = new WebAppContext();
-        context.setWar("./target/jetty-test-webapp-7.0.0.M0-SNAPSHOT"); // TODO YUCK!
+        context.setWar("./target/jetty-test-webapp-7.0.0.M1-SNAPSHOT"); // TODO YUCK!
        context.setDefaultsDescriptor("../jetty-webapp/src/main/config/etc/webdefault.xml");
        server.setHandler(context);