From ff0450e1b8fc8b42c7a15e153c30e60a8624a10e Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Mon, 3 Aug 2009 03:17:43 +0000
Subject: [PATCH] improved deferred authentication handling and fixed test harnesses
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@622 7e9141cc-0065-0410-87d8-b60c137991c4
---
 .../java/org/eclipse/jetty/embedded/LikeJettyXml.java | 6 ++++--
 .../java/org/eclipse/jetty/security/SecurityHandler.java | 8 ++++----
 .../security/authentication/DeferredAuthenticator.java | 2 +-
 test-jetty-webapp/src/main/webapp/auth.html | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/example-jetty-embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java b/example-jetty-embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
index 72fab47cdd4..910fa1a5fc9 100644
--- a/example-jetty-embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
+++ b/example-jetty-embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
@@ -51,14 +51,16 @@ public class LikeJettyXml
 mbContainer.addBean(Log.getLog());
- // Setup Connectors
+ // Setup Threadpool
 QueuedThreadPool threadPool = new QueuedThreadPool();
 threadPool.setMaxThreads(100);
 server.setThreadPool(threadPool);
- Connector connector = new SelectChannelConnector();
+ // Setup Connectors
+ SelectChannelConnector connector = new SelectChannelConnector();
 connector.setPort(8080);
 connector.setMaxIdleTime(30000);
+ connector.setConfidentialPort(8443);
 server.setConnectors(new Connector[] { connector });
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 444f422e606..7f984f6b7b0 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
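Review bot: In LikeJettyXml.java, `connector.setConfidentialPort(8443)` names the port that requests needing a CONFIDENTIAL transport are sent to, but the only connector registered in this hunk is the plain one on 8080 (`server.setConnectors(new Connector[] { connector })`). Unless an SSL connector on 8443 is added elsewhere in the file, anyone copying this example gets redirects to a port nothing listens on, and the tempting workaround is to relax the constraint rather than add TLS. I would either add the SSL connector to the example or annotate the line, e.g. `// redirect target for CONFIDENTIAL constraints; needs an SSL connector on 8443`. The enclosing method starts and ends outside the hunk.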
@@ -409,8 +409,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (handler==null) return; + + final Authenticator authenticator = _authenticator; - if (_authenticator!=null && checkSecurity(baseRequest)) + if (authenticator!=null && checkSecurity(baseRequest)) { Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest); @@ -419,14 +421,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { if (!baseRequest.isHandled()) { - response.sendError(Response.SC_FORBIDDEN); + response.sendError(Response.SC_FORBIDDEN,"!data constraint"); baseRequest.setHandled(true); } return; } - final Authenticator authenticator = _authenticator; - // is Auth mandatory? boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, constraintInfo) || diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthenticator.java index 944e38e7e88..565362cf551 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthenticator.java @@ -60,7 +60,7 @@ public class DeferredAuthenticator extends DelegateAuthenticator */ public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException { - if (!(mandatory || _delegate.isMandatory(request))) + if (!mandatory) return _deferred; return _delegate.validateRequest(request,response,mandatory); diff --git a/test-jetty-webapp/src/main/webapp/auth.html b/test-jetty-webapp/src/main/webapp/auth.html index c03336d2e5a..353626a0467 100644 --- a/test-jetty-webapp/src/main/webapp/auth.html +++ b/test-jetty-webapp/src/main/webapp/auth.html @@ -16,7 +16,7 @@ This page contains several links to test the authentication constraints:
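Review bot: The new `final Authenticator authenticator = _authenticator;` at the top of this block in SecurityHandler.java has no comment saying why the field is copied, and the copy only helps if nothing below reads `_authenticator` directly again; the rest of the method is outside the hunk, so that is worth checking. I would add `// read the field once so the null check and the calls below use the same instance` above the declaration. Whether `_authenticator` is declared in a way that makes a single read sufficient under concurrent reconfiguration cannot be seen from here.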
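Review bot: The reason string added in `response.sendError(Response.SC_FORBIDDEN,"!data constraint")` goes to the client, since the sendError message is normally rendered into the error page, so the 403 now carries internal shorthand that tells a caller which check rejected the request and tells an ordinary user nothing. If the text is there to help debug the test harness, logging it server-side and keeping the bare 403 serves that better; if it is meant for users, spell it out, e.g. `response.sendError(Response.SC_FORBIDDEN,"Transport guarantee not met");` (assuming this branch is the user-data constraint check, which the hunk does not show). The enclosing `if` opens above the hunk.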
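Review bot: With `_delegate.isMandatory(request)` dropped from the guard in `DeferredAuthenticator.validateRequest`, the decision to defer rests solely on the caller's `mandatory` flag, and nothing in this hunk documents that contract. A delegate that needs to handle a request on an otherwise unconstrained path will now get `_deferred` unless the caller has already folded the delegate's answer into `mandatory`; the `isAuthMandatory(...) ||` context line in SecurityHandler suggests that may happen, but the rest of that expression is outside the diff. I would state it in the Javadoc, e.g. `@param mandatory true if authentication must be attempted now, including when the delegate itself requires it; when false the deferred authentication is returned without consulting the delegate`, and cover the non-mandatory path with a test. The method's Javadoc begins above the hunk.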
  • dump/auth/relax/* - Allowed
  • dump/auth/* - Authenticated any user
  • dump/auth/admin/* - Authenticated admin role (click to invalidate session)
  • -
  • dump/ssl/* - Confidential
  • +
  • dump/auth/ssl/* - Confidential