author | Jan Bartel | 2012-05-22 11:13:10 +0000 |
---|---|---|
committer | Jan Bartel | 2012-05-22 11:13:10 +0000 |
commit | 37bce89b8ffbd426fefdfa4add2a665c98bfac7f (patch) | |
tree | e1387cbb16ed4ff5fcfe7c53816f9413f09cf11a | |
parent | 5420009f0f2bbdb4dcc1cdfe31c29b0a54a6c007 (diff) | |
379909 FormAuthenticator Remembers only the URL of first Request before authentication
5 files changed, 46 insertions, 3 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java index c21768fde1..dcd91498f3 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java @@ -77,6 +77,7 @@ public class FormAuthenticator extends LoginAuthenticator private String _formLoginPage; private String _formLoginPath; private boolean _dispatch; + private boolean _alwaysSaveUri; public FormAuthenticator() { @@ -95,6 +96,26 @@ public class FormAuthenticator extends LoginAuthenticator /* ------------------------------------------------------------ */ /** + * If true, uris that cause a redirect to a login page will always + * be remembered. If false, only the first uri that leads to a login + * page redirect is remembered. + * See https://bugs.eclipse.org/bugs/show_bug.cgi?id=379909 + * @param alwaysSave + */ + public void setAlwaysSaveUri (boolean alwaysSave) + { + _alwaysSaveUri = alwaysSave; + } + + + /* ------------------------------------------------------------ */ + public boolean getAlwaysSaveUri () + { + return _alwaysSaveUri; + } + + /* ------------------------------------------------------------ */ + /** * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration) */ @Override 
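Review bot: The javadoc on `setAlwaysSaveUri` leaves `@param alwaysSave` empty and never states the default, and `getAlwaysSaveUri` has no javadoc at all. I would write `@param alwaysSave true to overwrite the saved uri on every redirect to the login page; false (the default) to keep only the first` and add a matching `@return` line on the getter. The field added in the first hunk has no initializer, so the default is false and existing deployments keep the old behaviour, which is worth saying explicitly. The setter's javadoc should also state that with the flag on, the last request seen before login decides where the user lands afterwards.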
@@ -279,9 +300,9 @@ public class FormAuthenticator extends LoginAuthenticator // remember the current URI synchronized (session) { - // But only if it is not set already - if (session.getAttribute(__J_URI)==null) - { + // But only if it is not set already, or we save every uri that leads to a login form redirect + if (session.getAttribute(__J_URI)==null || _alwaysSaveUri) + { StringBuffer buf = request.getRequestURL(); if (request.getQueryString() != null) buf.append("?").append(request.getQueryString()); diff --git a/test-jetty-webapp/src/main/config/contexts/test.xml b/test-jetty-webapp/src/main/config/contexts/test.xml index 3c36173b13..32e5b40584 100644 --- a/test-jetty-webapp/src/main/config/contexts/test.xml +++ b/test-jetty-webapp/src/main/config/contexts/test.xml @@ -61,6 +61,11 @@ detected. --> </New> </Set> + <Set name="authenticator"> + <New class="org.eclipse.jetty.security.authentication.FormAuthenticator"> + <Set name="alwaysSaveUri">true</Set> + </New> + </Set> <Set name="checkWelcomeFiles">true</Set> </Get> diff --git a/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml b/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml index 0c633bd765..f995d0162d 100644 --- a/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml +++ b/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml @@ -268,6 +268,16 @@ <security-constraint> <web-resource-collection> + <web-resource-name>Auth2</web-resource-name> + <url-pattern>/auth2/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>*</role-name> + </auth-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> <web-resource-name>Any User</web-resource-name> <url-pattern>/dump/auth/*</url-pattern> <url-pattern>*.htm</url-pattern> diff --git a/test-jetty-webapp/src/main/webapp/auth.html b/test-jetty-webapp/src/main/webapp/auth.html index 1f64b2bc67..1b1de1157c 100644 --- a/test-jetty-webapp/src/main/webapp/auth.html +++ b/test-jetty-webapp/src/main/webapp/auth.html 
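Review bot: With `_alwaysSaveUri` on, the condition `session.getAttribute(__J_URI)==null || _alwaysSaveUri` lets every later unauthenticated request on the session replace the post-login destination, so the last request wins rather than the page the user navigated to. That includes background fetches to constrained paths (images, XHR, favicon) and requests that another site causes the browser to send, whose query string is appended to the saved value on the lines just below. Consider limiting the overwrite to requests that are plausibly user navigations, or at least record the trade-off next to the condition, e.g. `// last request wins when _alwaysSaveUri is set; any request to a constrained path replaces the saved uri`. The synchronized block continues past the end of the hunk, so whether anything else stored alongside the uri is refreshed in step with it cannot be checked from here.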
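Review bot: Setting `alwaysSaveUri` to `true` on the test context's authenticator means the test webapp no longer exercises the default first-uri-only behaviour, and none of the five changed files is an automated test. A unit test on FormAuthenticator that issues two protected requests before login and asserts the post-login redirect for both settings of the flag would pin the behaviour. This context entry could then remain as a manual aid only.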
@@ -12,6 +12,7 @@ This page contains several links to test the authentication constraints: <ul> <li><a href="auth/file.txt">auth/file.txt</a> - Forbidden</li> <li><a href="auth/relax.txt">auth/relax.txt</a> - Allowed</li> +<li><a href="auth2">auth2/index.html</a> - Authenticated (tests FormAuthenticator.setAlwaysSaveUri()) </li> <li><a href="dump/auth/noaccess/info">dump/auth/noaccess/*</a> - Forbidden</li> <li><a href="dump/auth/relax/info">dump/auth/relax/*</a> - Allowed</li> <li><a href="dump/auth/info">dump/auth/*</a> - Authenticated any user</li> diff --git a/test-jetty-webapp/src/main/webapp/auth2/index.html b/test-jetty-webapp/src/main/webapp/auth2/index.html new file mode 100644 index 0000000000..f46164c410 --- /dev/null +++ b/test-jetty-webapp/src/main/webapp/auth2/index.html @@ -0,0 +1,6 @@ +<html> + <body> + <h1>YAY!</h1> + <p>You have successfully authenticated. You can use this url in conjunction with any of the other urls that lead to a login form to test which urls are saved on entry to the login form.</p> + </body> +</html> |