Remove unneeded handling of FORM authentication in RealmBase
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@1392252 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/STATUS.txt b/STATUS.txt
index 7d71d7a..4b3c20c 100644
--- a/STATUS.txt
+++ b/STATUS.txt
@@ -28,12 +28,6 @@
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
-* Remove unneeded handling of FORM authentication in RealmBase
- http://svn.apache.org/viewvc?rev=1377887&view=rev
- (r1377892 in 7.0)
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
A. Better handling of edge conditions in chunk header processing (BZ 42181)
B. Improve chunk header parsing. Properly ignore chunk-extension suffix,
diff --git a/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java b/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
index e57cf4c..15c4b69 100644
--- a/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
+++ b/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
@@ -727,31 +727,6 @@
if (constraints == null || constraints.length == 0)
return (true);
- // Specifically allow access to the form login and form error pages
- // and the "j_security_check" action
- LoginConfig config = context.getLoginConfig();
- if ((config != null) &&
- (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
- String requestURI = request.getRequestPathMB().toString();
- String loginPage = config.getLoginPage();
- if (loginPage.equals(requestURI)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to login page " + loginPage);
- return (true);
- }
- String errorPage = config.getErrorPage();
- if (errorPage.equals(requestURI)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to error page " + errorPage);
- return (true);
- }
- if (requestURI.endsWith(Constants.FORM_ACTION)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to username/password submission");
- return (true);
- }
- }
-
// Which user principal have we already authenticated?
Principal principal = request.getPrincipal();
boolean status = false;
diff --git a/container/webapps/docs/changelog.xml b/container/webapps/docs/changelog.xml
index de1b727..53bba36 100644
--- a/container/webapps/docs/changelog.xml
+++ b/container/webapps/docs/changelog.xml
@@ -68,6 +68,9 @@
session by default, tracking server rather than client nonces and better
handling of stale nonce values. (markt)
</fix>
+ <scode>
+ Remove unneeded handling of FORM authentication in RealmBase. (kkolinko)
+ </scode>
</changelog>
</subsection>
<subsection name="Coyote">