authorGreg Wilkins2010-03-02 08:37:02 +0000
committerGreg Wilkins2010-03-02 08:37:02 +0000
commitaea99b14aaff9a41337fab4427170814a53d85dd (patch)
treef28864a5c9976529edc575cf42ac466424423d6e /jetty-security/src/main/java
parent303a5639b9cdad7680bce0198fe38801a66a4783 (diff)
downloadorg.eclipse.jetty.project-aea99b14aaff9a41337fab4427170814a53d85dd.tar.gz
org.eclipse.jetty.project-aea99b14aaff9a41337fab4427170814a53d85dd.tar.xz
org.eclipse.jetty.project-aea99b14aaff9a41337fab4427170814a53d85dd.zip
304307 JETTY-1133 Handle ;jsessionid in FROM Auth
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1326 7e9141cc-0065-0410-87d8-b60c137991c4
Diffstat (limited to 'jetty-security/src/main/java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java24
1 files changed, 19 insertions, 5 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index 0b253e56b8..7a624ddc7f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -154,7 +154,7 @@ public class FormAuthenticator extends LoginAuthenticator
if (uri==null)
uri=URIUtil.SLASH;
- mandatory|=uri.endsWith(__J_SECURITY_CHECK);
+ mandatory|=isJSecurityCheck(uri);
if (!mandatory)
return _deferred;
@@ -166,7 +166,7 @@ public class FormAuthenticator extends LoginAuthenticator
try
{
// Handle a request for authentication.
- if (uri.endsWith(__J_SECURITY_CHECK))
+ if (isJSecurityCheck(uri))
{
final String username = request.getParameter(__J_USERNAME);
final String password = request.getParameter(__J_PASSWORD);
@@ -213,7 +213,7 @@ public class FormAuthenticator extends LoginAuthenticator
}
else
{
- response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formErrorPage));
+ response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formErrorPage)));
}
return Authentication.SEND_FAILURE;
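Review bot: Wrapping the redirect in `response.encodeRedirectURL(...)` at the `_formErrorPage` branch (and at the `_formLoginPage` branch in the next hunk) puts the session id into the Location URL whenever the session is not tracked by a cookie, so it can end up in access logs, browser history and Referer headers. That id exists before the user has authenticated, and nothing in these hunks shows whether it is renewed after a successful login. This is worth confirming, because a pre-login id that survives authentication is what session fixation relies on. A short comment above each call would record the intent, e.g. `// keeps ;jsessionid for cookie-less clients; the session id must be renewed once login succeeds`. The enclosing method starts and ends outside these hunks.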
@@ -260,7 +260,7 @@ public class FormAuthenticator extends LoginAuthenticator
}
else
{
- response.sendRedirect(URIUtil.addPaths(request.getContextPath(),_formLoginPage));
+ response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formLoginPage)));
}
return Authentication.SEND_CONTINUE;
@@ -275,7 +275,21 @@ public class FormAuthenticator extends LoginAuthenticator
throw new ServerAuthException(e);
}
}
-
+
+ /* ------------------------------------------------------------ */
+ public boolean isJSecurityCheck(String uri)
+ {
+ int jsc = uri.indexOf(__J_SECURITY_CHECK);
+
+ if (jsc<0)
+ return false;
+ int e=jsc+__J_SECURITY_CHECK.length();
+ if (e==uri.length())
+ return true;
+ char c = uri.charAt(e);
+ return c==';'||c=='#'||c=='/'||c=='?';
+ }
+
/* ------------------------------------------------------------ */
public boolean isLoginOrErrorPage(String pathInContext)
{
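Review bot: `isJSecurityCheck` is looser than the `uri.endsWith(__J_SECURITY_CHECK)` test it replaces in the two earlier hunks, because `uri.indexOf(__J_SECURITY_CHECK)` accepts the token anywhere in the URI as long as the next character is `;`, `#`, `/` or `?`. A path that merely contains the token followed by `/` is therefore now handled as a credential submission. The check also inspects only the first occurrence, so a URI that contains the token earlier followed by some other character and then ends with it returns false where `endsWith` returned true. If only the `;jsessionid` suffix is meant to be tolerated, narrow the final test to `return c==';';`; the `#` and `?` cases look unreachable if `uri` is the request URI without query or fragment, which this hunk does not show. The method is `public` and has no Javadoc or null guard; a doc comment stating exactly which URI forms count as the login action, and that `uri` must be non-null, would make the contract reviewable.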
