[prev in list] [next in list] [prev in thread] [next in thread]
List: slide-dev
Subject: [patch] make the IE5 auth-bug workaround configurable
From: Stefano Mazzocchi <stefano () apache ! org>
Date: 2003-11-26 16:17:32
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
since I was pretty annoyed by the session creation logic that was used
to work around IE bugs, I made it configurable in web.xml.
NOTE: I incorporated the patch with the previous one for
WebdavServlet.java since I found out I was not using the
ProfilingFilter so it's not needed anymore.
Hope this helps.
--
Stefano.
["patch.txt" (patch.txt)]
Index: conf/webapp/web.xml
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/conf/webapp/web.xml,v
retrieving revision 1.25
diff -u -u -b -r1.25 web.xml
--- conf/webapp/web.xml 27 Aug 2003 15:44:37 -0000 1.25
+++ conf/webapp/web.xml 26 Nov 2003 16:14:42 -0000
@@ -189,6 +189,18 @@
of interoperability problems.
</description>
</init-param>
+ <init-param>
+ <param-name>auth-bug-workaround</param-name>
+ <param-value>false</param-value>
+ <description>
+ This parameter indicates whether or not Slide should try to work \
around a bug + in IE that doesn't send authentication information \
while issuing HEAD requests. + NOTE: the workaround stores \
authentication information in the session. This is not + a best \
practice so you should keep the workaround off unless this bug affects your + \
user base. + The default value is 'false'.
+ </description>
+ </init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- The mapping for the Slide WebDAV servlet.
Index: webdav/server/org/apache/slide/webdav/WebdavServlet.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/WebdavServlet.java,v
retrieving revision 1.52
diff -u -u -b -r1.52 WebdavServlet.java
--- webdav/server/org/apache/slide/webdav/WebdavServlet.java 5 Nov 2003 14:24:36 \
-0000 1.52
+++ webdav/server/org/apache/slide/webdav/WebdavServlet.java 26 Nov 2003 16:14:43 \
-0000 @@ -65,8 +65,6 @@
import java.io.IOException;
import java.net.URL;
-import java.text.SimpleDateFormat;
-import java.util.Date;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -80,7 +78,6 @@
import org.apache.slide.common.NamespaceAccessToken;
import org.apache.slide.common.SlideException;
import org.apache.slide.common.SlideToken;
-import org.apache.slide.common.SlideTokenImpl;
import org.apache.slide.common.SlideTokenWrapper;
import org.apache.slide.security.AccessDeniedException;
import org.apache.slide.structure.LinkedObjectNotFoundException;
@@ -167,14 +164,9 @@
protected void service (HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- SimpleDateFormat sdf = new SimpleDateFormat();
- if( token.getLogger().isEnabled(LOG_CHANNEL, Logger.DEBUG) )
- token.getLogger().log("==> "+req.getMethod()+" start: "+sdf.format(new \
Date(System.currentTimeMillis()))+" ["+Thread.currentThread().getName()+"]", \
LOG_CHANNEL, Logger.DEBUG); + WebdavServletConfig config = \
(WebdavServletConfig) getServletConfig();
- WebdavServletConfig config = (WebdavServletConfig)getServletConfig();
try {
- long startTime = System.currentTimeMillis();
-
if (token == null) {
String namespaceName = req.getContextPath();
if ((namespaceName == null) || (namespaceName.equals("")))
@@ -188,12 +180,9 @@
resp.setStatus(WebdavStatus.SC_OK);
String methodName = req.getMethod();
- if ((methodName.equalsIgnoreCase("GET") ||
- methodName.equalsIgnoreCase("POST")) &&
- isCollection(req)) {
- // let the standard doGet() / doPost() methods handle
- // GET/POST requests on collections (to display a directory
- // index pag or something similar)
+ if (methodName.equalsIgnoreCase("GET") && isCollection(req,config)) {
+ // let the standard doGet() method handle GET requests on
+ // collections (to display a directory index pag or something \
similar) super.service(req, resp);
} else {
WebdavMethod method = methodFactory.createMethod(methodName);
@@ -212,15 +201,10 @@
token.getLogger().log(e,LOG_CHANNEL, Logger.ERROR);
try { resp.sendError(WebdavStatus.SC_INTERNAL_SERVER_ERROR); } catch \
(Throwable ex) { } }
- finally {
- if( token.getLogger().isEnabled(LOG_CHANNEL, Logger.DEBUG) )
- token.getLogger().log("<== "+req.getMethod()+" end: "+sdf.format(new \
Date(System.currentTimeMillis()))+" ["+Thread.currentThread().getName()+"]", \
LOG_CHANNEL, Logger.DEBUG);
- }
-
}
- private boolean isCollection(HttpServletRequest req) {
- SlideToken slideToken = new \
SlideTokenWrapper(WebdavUtils.getSlideToken(req), false, false); + private boolean \
isCollection(HttpServletRequest req, WebdavServletConfig cfg) { + SlideToken \
slideToken = new \
SlideTokenWrapper(WebdavUtils.getSlideToken(req,cfg), false, false);
return WebdavUtils.isCollection(token, slideToken, \
WebdavUtils.getRelativePath(req, (WebdavServletConfig)getServletConfig())); }
Index: webdav/server/org/apache/slide/webdav/WebdavServletConfig.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/WebdavServletConfig.java,v
retrieving revision 1.7
diff -u -u -b -r1.7 WebdavServletConfig.java
--- webdav/server/org/apache/slide/webdav/WebdavServletConfig.java 18 Jun 2002 \
15:44:37 -0000 1.7
+++ webdav/server/org/apache/slide/webdav/WebdavServletConfig.java 26 Nov 2003 \
16:14:43 -0000 @@ -104,6 +104,10 @@
"scope";
+ static final String AUTH_BUG_WORKAROUND_PARAMETER =
+ "auth-bug-workaround";
+
+
// ----------------------------------------------------- Instance Variables
@@ -151,6 +155,15 @@
*/
private String methodFactory;
+ /**
+ * Whether or not to turn on the authentication bug workaround found in IE5
+ * since it doesn't submit authentication information in HEAD requests
+ * NOTE: the workround works by associating a session to a request, so
+ * be careful in turning this on since it might create scalability problems
+ * in your servlet environment
+ */
+ private boolean authBugWorkaround = false;
+
// ----------------------------------------------------------- Construction
@@ -208,6 +221,15 @@
if (value != null) {
methodFactory = value;
}
+
+ // read 'Authentication bug workaround' parameter
+ value = getInitParameter(AUTH_BUG_WORKAROUND_PARAMETER);
+ if (value == null) {
+ value = context.getInitParameter(AUTH_BUG_WORKAROUND_PARAMETER);
+ }
+ if (value != null) {
+ authBugWorkaround = Boolean.valueOf(value).booleanValue();
+ }
}
@@ -335,6 +357,17 @@
return isDefaultServlet;
}
+ /**
+ * Returns whether the servlet is mapped as default servlet of the web
+ * application.
+ *
+ * @return true if the servlet is configured as default servlet of the
+ * context
+ */
+ public boolean workaroundAuthBug() {
+
+ return authBugWorkaround;
+ }
}
Index: webdav/server/org/apache/slide/webdav/method/AbstractWebdavMethod.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/AbstractWebdavMethod.java,v
retrieving revision 1.18
diff -u -u -b -r1.18 AbstractWebdavMethod.java
--- webdav/server/org/apache/slide/webdav/method/AbstractWebdavMethod.java 24 Nov \
2003 16:45:14 -0000 1.18
+++ webdav/server/org/apache/slide/webdav/method/AbstractWebdavMethod.java 26 Nov \
2003 16:14:44 -0000 @@ -335,7 +335,7 @@
this.req = req;
this.resp = resp;
- this.slideToken = WebdavUtils.getSlideToken(req);
+ this.slideToken = WebdavUtils.getSlideToken(req, config);
this.requestUri = WebdavUtils.getRelativePath(req, config);
parseRequestHeaders();
Index: webdav/server/org/apache/slide/webdav/util/DirectoryIndexGenerator.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/DirectoryIndexGenerator.java,v
retrieving revision 1.4
diff -u -u -b -r1.4 DirectoryIndexGenerator.java
--- webdav/server/org/apache/slide/webdav/util/DirectoryIndexGenerator.java 14 Mar \
2003 15:41:40 -0000 1.4
+++ webdav/server/org/apache/slide/webdav/util/DirectoryIndexGenerator.java 26 Nov \
2003 16:14:44 -0000 @@ -197,7 +197,7 @@
Security security = nat.getSecurityHelper();
Structure structure = nat.getStructureHelper();
- SlideToken slideToken = WebdavUtils.getSlideToken(req);
+ SlideToken slideToken = WebdavUtils.getSlideToken(req, config);
String resourcePath = WebdavUtils.getRelativePath(req, config);
ObjectNode object = structure.retrieve(slideToken, resourcePath);
String name = object.getUri();
Index: webdav/server/org/apache/slide/webdav/util/PropertyHelper.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/PropertyHelper.java,v
retrieving revision 1.57
diff -u -u -b -r1.57 PropertyHelper.java
--- webdav/server/org/apache/slide/webdav/util/PropertyHelper.java 5 Nov 2003 \
14:24:35 -0000 1.57
+++ webdav/server/org/apache/slide/webdav/util/PropertyHelper.java 26 Nov 2003 \
16:14:45 -0000 @@ -1436,7 +1436,7 @@
try {
Document d =
new SAXBuilder().build( new \
StringReader(objectLockToken.getOwnerInfo()) );
- owner.addContent(d.getRootElement());
+ owner.addContent(d.getRootElement().detach());
}
catch( Throwable e ) {
owner.addContent(new CDATA(objectLockToken.getOwnerInfo()));
Index: webdav/server/org/apache/slide/webdav/util/WebdavUtils.java
===================================================================
RCS file: /home/cvspublic/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/WebdavUtils.java,v
retrieving revision 1.11
diff -u -u -b -r1.11 WebdavUtils.java
--- webdav/server/org/apache/slide/webdav/util/WebdavUtils.java 5 Nov 2003 14:24:36 \
-0000 1.11
+++ webdav/server/org/apache/slide/webdav/util/WebdavUtils.java 26 Nov 2003 16:14:45 \
-0000 @@ -398,9 +398,11 @@
* @return a new SlideToken instance
**/
public static SlideToken getSlideToken
- (HttpServletRequest req) {
+ (HttpServletRequest req, WebdavServletConfig cfg) {
Principal principal = req.getUserPrincipal();
+
+ if (cfg.workaroundAuthBug()) {
HttpSession session = req.getSession();
// store the current principal in the session, to get around a bug in
@@ -411,6 +413,7 @@
} else {
session.setAttribute(PRINCIPAL_ATTRIBUTE, principal);
}
+ }
CredentialsToken credentials;
if (principal == null) {
["smime.p7s" (application/pkcs7-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic