304307 JETTY-1133 Handle ;jsessionid in FROM Auth

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1326 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2010-03-02 08:37:02 +00:00
parent 303a5639b9
commit aea99b14aa
9 changed files with 79 additions and 13 deletions


@ -19,6 +19,7 @@ jetty-7.0.2-SNAPSHOT
+ 302246 redirect loop using form authenticator
+ 302556 CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present
+ 302669 WebInfConfiguration.unpack() unpacks WEB-INF/* from a ResourceCollection, breaking JSP reloading with ResourceCollections
+ 304307 JETTY-1133 Handle ;jsessionid in FROM Auth
+ JETTY-776 Make new session-tests module to concentrate all reusable session clustering test code
+ JETTY-910 Allow request listeners to access session
+ JETTY-983 Range handling cleanup


@ -49,7 +49,7 @@ public class RedirectPatternRule extends PatternRule
*/
public String apply(String target, HttpServletRequest request, HttpServletResponse response) throws IOException
{
response.sendRedirect(_location);
response.sendRedirect(response.encodeRedirectURL(_location));
return target;
}
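Review bot: `_location` is a configured redirect target that may be an absolute URL on another host, and `response.encodeRedirectURL(_location)` will, for a client that has not presented a session cookie, append `;jsessionid=...` to it unless the session manager's encoder refuses to rewrite off-site URLs — whether it does at this version is not visible on this page. A session id in a Location header pointing at a third-party host is a credential leak: it lands in that host's access logs and in Referer headers on the next hop. The same wrapping is applied to `target` in `RedirectRegexRule`, `url` in `MovedContextHandler`, `value` in `CGI` (a Location header produced by the CGI process itself) and `redirect` in `Dump`. Unless the encoder is known to check the host, encode only local targets, e.g. `response.sendRedirect(URIUtil.hasScheme(_location) ? _location : response.encodeRedirectURL(_location));` (`URIUtil` from jetty-util), or document that these rules must only be configured with same-host targets.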


@ -57,7 +57,7 @@ public class RedirectRegexRule extends RegexRule
target=target.replaceAll("\\$"+g,group);
}
response.sendRedirect(target);
response.sendRedirect(response.encodeRedirectURL(target));
return target;
}
}


@ -154,7 +154,7 @@ public class FormAuthenticator extends LoginAuthenticator
if (uri==null)
uri=URIUtil.SLASH;
mandatory|=uri.endsWith(__J_SECURITY_CHECK);
mandatory|=isJSecurityCheck(uri);
if (!mandatory)
return _deferred;
@ -166,7 +166,7 @@ public class FormAuthenticator extends LoginAuthenticator
try
{
// Handle a request for authentication.
if (uri.endsWith(__J_SECURITY_CHECK))
if (isJSecurityCheck(uri))
{
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
@ -213,7 +213,7 @@ public class FormAuthenticator extends LoginAuthenticator
}
else
{
response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formErrorPage));
response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formErrorPage)));
}
return Authentication.SEND_FAILURE;
@ -260,7 +260,7 @@ public class FormAuthenticator extends LoginAuthenticator
}
else
{
response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formLoginPage));
response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formLoginPage)));
}
return Authentication.SEND_CONTINUE;
@ -275,7 +275,21 @@ public class FormAuthenticator extends LoginAuthenticator
throw new ServerAuthException(e);
}
}
/* ------------------------------------------------------------ */
public boolean isJSecurityCheck(String uri)
{
int jsc = uri.indexOf(__J_SECURITY_CHECK);
if (jsc<0)
return false;
int e=jsc+__J_SECURITY_CHECK.length();
if (e==uri.length())
return true;
char c = uri.charAt(e);
return c==';'||c=='#'||c=='/'||c=='?';
}
/* ------------------------------------------------------------ */
public boolean isLoginOrErrorPage(String pathInContext)
{
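Review bot: `isJSecurityCheck` treats `'/'` as a terminator and inspects only the first occurrence of `__J_SECURITY_CHECK`, so `/ctx/j_security_check/anything` is now handled as a login submission although the former `endsWith` test rejected it, while a URI whose first occurrence is followed by some other character (`/ctx/j_security_check.jsp/j_security_check`) is no longer recognised even though it ends with the token. If the intent is "the token is the last path segment, optionally followed by path parameters or a query string", use `int jsc = uri.lastIndexOf(__J_SECURITY_CHECK);` and `return c==';'||c=='?';` — browsers never send `'#'` in a request-URI, and keeping `'/'` needs a stated reason. The new public method also has no Javadoc; a line such as `/** Returns true when the request URI addresses the form-login submission target, ignoring a trailing ;jsessionid path parameter or query string. */` would record why `endsWith` was replaced. The caller earlier in this section passes the full request URI (defaulted to `URIUtil.SLASH` when null), so that precondition belongs in the Javadoc too.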


@ -301,7 +301,6 @@ public class ConstraintTest extends TestCase
response = _connector.getResponses("GET /ctx/testLoginPage HTTP/1.0\r\n"+
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
System.err.println(response);
assertTrue(response.indexOf(" 200 OK") > 0);
assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0);
@ -335,6 +334,58 @@ public class ConstraintTest extends TestCase
assertTrue(response.indexOf("!role") > 0);
}
public void testFormNoCookies()
throws Exception
{
_security.setAuthenticator(new FormAuthenticator("/testLoginPage","/testErrorPage",false));
_security.setStrict(false);
_server.start();
String response;
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
assertTrue(response.indexOf(" 302 Found") > 0);
assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
int jsession=response.indexOf(";jsessionid=");
String session = response.substring(jsession + 12, response.indexOf("\r\n",jsession));
response = _connector.getResponses("GET /ctx/testLoginPage;jsessionid="+session+" HTTP/1.0\r\n"+
"\r\n");
assertTrue(response.indexOf(" 200 OK") > 0);
assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0);
response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+" HTTP/1.0\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 31\r\n" +
"\r\n" +
"j_username=user&j_password=wrong\r\n");
assertTrue(response.indexOf("Location") > 0);
response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+" HTTP/1.0\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 35\r\n" +
"\r\n" +
"j_username=user&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
response = _connector.getResponses("GET /ctx/auth/info;jsessionid="+session+" HTTP/1.0\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
response = _connector.getResponses("GET /ctx/admin/info;jsessionid="+session+" HTTP/1.0\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 403"));
assertTrue(response.indexOf("!role") > 0);
}
public void testStrictBasic()
throws Exception
{
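Review bot: the session id extracted from the pre-login redirect is reused unchanged for `/ctx/auth/info` after the successful `j_security_check` POST, so this test pins that authentication does not issue a new session id; with URL rewriting that id has already travelled inside a URL (browser history, proxy logs, Referer from the login page), and keeping it across the privilege change is the session-fixation pattern a defender would want this flow to avoid. If renewing the id on login is intended, the test should assert that the post-login response carries a different id; if not, a comment recording the decision would help. Two assertions are also missing: `jsession` is used without checking that the redirect was rewritten at all, so a regression fails with an obscure substring error rather than a clear one — add `assertTrue(jsession > 0);` after the `indexOf` — and the wrong-password POST only checks that some `Location` header exists, so a redirect back to the login page (the redirect-loop issue 302246 that VERSION.txt lists) would pass; add `assertTrue(response.indexOf("/ctx/testErrorPage") > 0);`. `testStrictBasic` continues outside the section.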


@ -107,7 +107,7 @@ public class MovedContextHandler extends ContextHandler
if (!_discardQuery && request.getQueryString()!=null)
url+="?"+request.getQueryString();
response.sendRedirect(url);
response.sendRedirect(response.encodeRedirectURL(url));
String path=_newContextURL;
if (!_discardPathInfo && request.getPathInfo()!=null)


@ -302,7 +302,7 @@ public class ResourceHandler extends AbstractHandler
{
if (!request.getPathInfo().endsWith(URIUtil.SLASH))
{
response.sendRedirect(URIUtil.addPaths(request.getRequestURI(),URIUtil.SLASH));
response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getRequestURI(),URIUtil.SLASH)));
return;
}
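Review bot: `request.getRequestURI()` is the raw request path and, for a client using URL rewriting, still carries the `;jsessionid=...` path parameter (as far as I know Jetty does not strip path parameters there — please confirm), so `URIUtil.addPaths` appends the slash after the parameter (`/dir;jsessionid=abc/`) and `encodeRedirectURL` then receives a URL that already holds a session parameter mid-path; I have not checked how the encoder handles that, but if it rewrites in place the trailing slash is at risk and the request would redirect to itself. Strip the parameter before appending: `String path = request.getRequestURI(); int semi = path.indexOf(';'); if (semi >= 0) path = path.substring(0, semi);` and pass `path` instead of `request.getRequestURI()` to `URIUtil.addPaths`. The enclosing method starts and ends outside the hunk.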


@ -309,7 +309,7 @@ public class CGI extends HttpServlet
String value = line.substring(k+1).trim();
if ("Location".equals(key))
{
res.sendRedirect(value);
res.sendRedirect(res.encodeRedirectURL(value));
}
else if ("Status".equals(key))
{


@ -78,7 +78,7 @@ public class Dump extends HttpServlet
{
if(request.getPathInfo()!=null && request.getPathInfo().toLowerCase().indexOf("script")!=-1)
{
response.sendRedirect(getServletContext().getContextPath() + "/dump/info");
response.sendRedirect(response.encodeRedirectURL(getServletContext().getContextPath() + "/dump/info"));
return;
}
@ -325,7 +325,7 @@ public class Dump extends HttpServlet
if (redirect != null && redirect.length() > 0)
{
response.getOutputStream().println("THIS SHOULD NOT BE SEEN!");
response.sendRedirect(redirect);
response.sendRedirect(response.encodeRedirectURL(redirect));
try
{
response.getOutputStream().println("THIS SHOULD NOT BE SEEN!");