commit 6e218295e9b78af74dceac52c7b780194500e2c2
author Mark Emlyn David Thomas <markt@apache.org> Mon Oct 01 09:35:59 2012 +0000
committer Mark Emlyn David Thomas <markt@apache.org> Mon Oct 01 09:35:59 2012 +0000
tree 2f607233bc183c6c8015746521af2f3968fb235f
parent 83adfde198d8f9305edbd240e0081a2bb7902cfd

Remove unneeded handling of FORM authentication in RealmBase

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@1392252 13f79535-47bb-0310-9956-ffa450edef68

STATUS.txt

diff --git a/STATUS.txt b/STATUS.txt
index 7d71d7a..4b3c20c 100644
--- a/STATUS.txt
+++ b/STATUS.txt
@@ -28,12 +28,6 @@
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Remove unneeded handling of FORM authentication in RealmBase
-  http://svn.apache.org/viewvc?rev=1377887&view=rev
-  (r1377892 in 7.0)
-  +1: kkolinko, markt, kfujino
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
   A. Better handling of edge conditions in chunk header processing (BZ 42181)
   B. Improve chunk header parsing. Properly ignore chunk-extension suffix,

container/catalina/src/share/org/apache/catalina/realm/RealmBase.java

diff --git a/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java b/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
index e57cf4c..15c4b69 100644
--- a/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
+++ b/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
@@ -727,31 +727,6 @@
         if (constraints == null || constraints.length == 0)
             return (true);
 
-        // Specifically allow access to the form login and form error pages
-        // and the "j_security_check" action
-        LoginConfig config = context.getLoginConfig();
-        if ((config != null) &&
-            (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
-            String requestURI = request.getRequestPathMB().toString();
-            String loginPage = config.getLoginPage();
-            if (loginPage.equals(requestURI)) {
-                if (log.isDebugEnabled())
-                    log.debug(" Allow access to login page " + loginPage);
-                return (true);
-            }
-            String errorPage = config.getErrorPage();
-            if (errorPage.equals(requestURI)) {
-                if (log.isDebugEnabled())
-                    log.debug(" Allow access to error page " + errorPage);
-                return (true);
-            }
-            if (requestURI.endsWith(Constants.FORM_ACTION)) {
-                if (log.isDebugEnabled())
-                    log.debug(" Allow access to username/password submission");
-                return (true);
-            }
-        }
-
         // Which user principal have we already authenticated?
         Principal principal = request.getPrincipal();
         boolean status = false;

container/webapps/docs/changelog.xml

diff --git a/container/webapps/docs/changelog.xml b/container/webapps/docs/changelog.xml
index de1b727..53bba36 100644
--- a/container/webapps/docs/changelog.xml
+++ b/container/webapps/docs/changelog.xml
@@ -68,6 +68,9 @@
         session by default, tracking server rather than client nonces and better
         handling of stale nonce values. (markt)
       </fix>
+      <scode>
+        Remove unneeded handling of FORM authentication in RealmBase. (kkolinko)
+      </scode>
     </changelog>
   </subsection>
   <subsection name="Coyote">