Produced by Araxis Merge on 11/20/2017 2:15:52 PM GMT Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | C:\Merge Test Files\8.0.47\java\org\apache\catalina\authenticator | NonLoginAuthenticator.java | Fri Sep 29 16:53:28 2017 UTC |
| 2 | C:\Merge Test Files\8.5.23\java\org\apache\catalina\authenticator | NonLoginAuthenticator.java | Thu Sep 28 11:32:16 2017 UTC |
| 3 | C:\Merge Test Files\9.0.1\java\org\apache\catalina\authenticator | NonLoginAuthenticator.java | Wed Sep 27 18:33:40 2017 UTC |
| Note: Merge considers the second file to be the common ancestor of the others. | |||
| Description | Between Files 1 and 2 |
Between Files 2 and 3 |
Relative to Common Ancestor |
|||
|---|---|---|---|---|---|---|
| Text Blocks | Lines | Text Blocks | Lines | Text Blocks | Lines | |
| Unchanged | 2 | 218 | 1 | 220 | ||
| Changed | 1 | 2 | 0 | 0 | 1 | 2 |
| Inserted | 0 | 0 | 0 | 0 | 0 | 0 |
| Removed | 0 | 0 | 0 | 0 | 0 | 0 |
| Note: An automatic merge would leave 0 conflict(s). | ||||||
| Whitespace | Consecutive whitespace is treated as a single space |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /* | 1 | /* | 1 | /* | |||||
| 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | |||||
| 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | |||||
| 4 | * this wo rk for add itional in formation regarding copyright ownership. | 4 | * this wo rk for add itional in formation regarding copyright ownership. | 4 | * this wo rk for add itional in formation regarding copyright ownership. | |||||
| 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | |||||
| 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | |||||
| 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | |||||
| 8 | * | 8 | * | 8 | * | |||||
| 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | |||||
| 10 | * | 10 | * | 10 | * | |||||
| 11 | * Unless required b y applicab le law or agreed to in writing , software | 11 | * Unless required b y applicab le law or agreed to in writing , software | 11 | * Unless required b y applicab le law or agreed to in writing , software | |||||
| 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | |||||
| 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | |||||
| 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | |||||
| 15 | * limitat ions under the Licen se. | 15 | * limitat ions under the Licen se. | 15 | * limitat ions under the Licen se. | |||||
| 16 | */ | 16 | */ | 16 | */ | |||||
| 17 | package or g.apache.c atalina.au thenticato r; | 17 | package or g.apache.c atalina.au thenticato r; | 17 | package or g.apache.c atalina.au thenticato r; | |||||
| 18 | 18 | 18 | ||||||||
| 19 | import jav a.io.IOExc eption; | 19 | import jav a.io.IOExc eption; | 19 | import jav a.io.IOExc eption; | |||||
| 20 | 20 | 20 | ||||||||
| 21 | import jav ax.servlet .http.Http ServletRes ponse; | 21 | import jav ax.servlet .http.Http ServletRes ponse; | 21 | import jav ax.servlet .http.Http ServletRes ponse; | |||||
| 22 | 22 | 22 | ||||||||
| 23 | import org .apache.ca talina.con nector.Req uest; | 23 | import org .apache.ca talina.con nector.Req uest; | 23 | import org .apache.ca talina.con nector.Req uest; | |||||
| 24 | 24 | 24 | ||||||||
| 25 | /** | 25 | /** | 25 | /** | |||||
| 26 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation t hat checks | 26 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation t hat checks | 26 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation t hat checks | |||||
| 27 | * only se curity con straints n ot involvi ng user au thenticati on. | 27 | * only se curity con straints n ot involvi ng user au thenticati on. | 27 | * only se curity con straints n ot involvi ng user au thenticati on. | |||||
| 28 | * | 28 | * | 28 | * | |||||
| 29 | * @author Craig R. McClanahan | 29 | * @author Craig R. McClanahan | 29 | * @author Craig R. McClanahan | |||||
| 30 | */ | 30 | */ | 30 | */ | |||||
| 31 | public fin al class N onLoginAut henticator extends A uthenticat orBase { | 31 | public fin al class N onLoginAut henticator extends A uthenticat orBase { | 31 | public fin al class N onLoginAut henticator extends A uthenticat orBase { | |||||
| 32 | 32 | 32 | ||||||||
| 33 | 33 | 33 | ||||||||
| 34 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | 34 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | 34 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | |||||
| 35 | 35 | 35 | ||||||||
| 36 | 36 | 36 | ||||||||
| 37 | /** | 37 | /** | 37 | /** | |||||
| 38 | * <p> Authentica te the use r making t his reques t, based o n the fact that no | 38 | * <p> Authentica te the use r making t his reques t, based o n the fact that no | 38 | * <p> Authentica te the use r making t his reques t, based o n the fact that no | |||||
| 39 | * <co de>login-c onfig</cod e> has bee n defined for the co ntainer.</ p> | 39 | * <co de>login-c onfig</cod e> has bee n defined for the co ntainer.</ p> | 39 | * <co de>login-c onfig</cod e> has bee n defined for the co ntainer.</ p> | |||||
| 40 | * | 40 | * | 40 | * | |||||
| 41 | * <p> This imple mentation means "log in the use r even tho ugh there is no | 41 | * <p> This imple mentation means "log in the use r even tho ugh there is no | 41 | * <p> This imple mentation means "log in the use r even tho ugh there is no | |||||
| 42 | * sel f-containe d way to e stablish a security Principal for that u ser".</p> | 42 | * sel f-containe d way to e stablish a security Principal for that u ser".</p> | 42 | * sel f-containe d way to e stablish a security Principal for that u ser".</p> | |||||
| 43 | * | 43 | * | 43 | * | |||||
| 44 | * <p> This metho d is calle d by the A uthenticat orBase sup er class t o | 44 | * <p> This metho d is calle d by the A uthenticat orBase sup er class t o | 44 | * <p> This metho d is calle d by the A uthenticat orBase sup er class t o | |||||
| 45 | * est ablish a P rincipal f or the use r BEFORE t he contain er securit y | 45 | * est ablish a P rincipal f or the use r BEFORE t he contain er securit y | 45 | * est ablish a P rincipal f or the use r BEFORE t he contain er securit y | |||||
| 46 | * con straints a re examine d, i.e. it is not ye t known wh ether the user | 46 | * con straints a re examine d, i.e. it is not ye t known wh ether the user | 46 | * con straints a re examine d, i.e. it is not ye t known wh ether the user | |||||
| 47 | * wil l eventual ly be perm itted to a ccess the requested resource. | 47 | * wil l eventual ly be perm itted to a ccess the requested resource. | 47 | * wil l eventual ly be perm itted to a ccess the requested resource. | |||||
| 48 | * The refore, it is necess ary to alw ays return <code>tru e</code> t o | 48 | * The refore, it is necess ary to alw ays return <code>tru e</code> t o | 48 | * The refore, it is necess ary to alw ays return <code>tru e</code> t o | |||||
| 49 | * ind icate the user has n ot failed authentica tion.</p> | 49 | * ind icate the user has n ot failed authentica tion.</p> | 49 | * ind icate the user has n ot failed authentica tion.</p> | |||||
| 50 | * | 50 | * | 50 | * | |||||
| 51 | * <p> There are two cases: </p> | 51 | * <p> There are two cases: </p> | 51 | * <p> There are two cases: </p> | |||||
| 52 | * <ul > | 52 | * <ul > | 52 | * <ul > | |||||
| 53 | * <li >without S ingleSigno n: a Sessi on instanc e does not yet exist | 53 | * <li >without S ingleSigno n: a Sessi on instanc e does not yet exist | 53 | * <li >without S ingleSigno n: a Sessi on instanc e does not yet exist | |||||
| 54 | * and there is no <co de>auth-me thod</code > to authe nticate th e | 54 | * and there is no <co de>auth-me thod</code > to authe nticate th e | 54 | * and there is no <co de>auth-me thod</code > to authe nticate th e | |||||
| 55 | * user, so leave Requ est's Prin cipal as n ull. | 55 | * user, so leave Requ est's Prin cipal as n ull. | 55 | * user, so leave Requ est's Prin cipal as n ull. | |||||
| 56 | * Note: Aut henticator Base will later exam ine the se curity con straints | 56 | * Note: Aut henticator Base will later exam ine the se curity con straints | 56 | * Note: Aut henticator Base will later exam ine the se curity con straints | |||||
| 57 | * to determine whether th e resource is access ible by a user | 57 | * to determine whether th e resource is access ible by a user | 57 | * to determine whether th e resource is access ible by a user | |||||
| 58 | * wit hout a sec urity Prin cipal and Role (i.e. unauthent icated). | 58 | * wit hout a sec urity Prin cipal and Role (i.e. unauthent icated). | 58 | * wit hout a sec urity Prin cipal and Role (i.e. unauthent icated). | |||||
| 59 | * </l i> | 59 | * </l i> | 59 | * </l i> | |||||
| 60 | * <li >with Sing leSignon: if the use r has alre ady authen ticated vi a | 60 | * <li >with Sing leSignon: if the use r has alre ady authen ticated vi a | 60 | * <li >with Sing leSignon: if the use r has alre ady authen ticated vi a | |||||
| 61 | * another c ontainer ( using its own login configurat ion), then | 61 | * another c ontainer ( using its own login configurat ion), then | 61 | * another c ontainer ( using its own login configurat ion), then | |||||
| 62 | * associate this Sess ion with t he SSOEntr y so it in herits the | 62 | * associate this Sess ion with t he SSOEntr y so it in herits the | 62 | * associate this Sess ion with t he SSOEntr y so it in herits the | |||||
| 63 | * already-e stablished security Principal and associ ated Roles . | 63 | * already-e stablished security Principal and associ ated Roles . | 63 | * already-e stablished security Principal and associ ated Roles . | |||||
| 64 | * Note: Thi s particul ar session will beco me a full member of the | 64 | * Note: Thi s particul ar session will beco me a full member of the | 64 | * Note: Thi s particul ar session will beco me a full member of the | |||||
| 65 | * Sin gleSignOnE ntry Sessi on collect ion and so will pote ntially | 65 | * Sin gleSignOnE ntry Sessi on collect ion and so will pote ntially | 65 | * Sin gleSignOnE ntry Sessi on collect ion and so will pote ntially | |||||
| 66 | * kee p the SSOE "alive", even if al l the othe r properly | 66 | * kee p the SSOE "alive", even if al l the othe r properly | 66 | * kee p the SSOE "alive", even if al l the othe r properly | |||||
| 67 | * aut henticated Sessions expire fir st... unti l it expir es too. | 67 | * aut henticated Sessions expire fir st... unti l it expir es too. | 67 | * aut henticated Sessions expire fir st... unti l it expir es too. | |||||
| 68 | * </l i> | 68 | * </l i> | 68 | * </l i> | |||||
| 69 | * </u l> | 69 | * </u l> | 69 | * </u l> | |||||
| 70 | * | 70 | * | 70 | * | |||||
| 71 | * @pa ram reques t Request we are pr ocessing | 71 | * @pa ram reques t Request we are pr ocessing | 71 | * @pa ram reques t Request we are pr ocessing | |||||
| 72 | * @pa ram respon se Respons e we are c reating | 72 | * @pa ram respon se Respons e we are c reating | 72 | * @pa ram respon se Respons e we are c reating | |||||
| 73 | * @re turn boole an to indi cate wheth er the use r is authe nticated | 73 | * @re turn boole an to indi cate wheth er the use r is authe nticated | 73 | * @re turn boole an to indi cate wheth er the use r is authe nticated | |||||
| 74 | * @ex ception IO Exception if an inpu t/output e rror occur s | 74 | * @ex ception IO Exception if an inpu t/output e rror occur s | 74 | * @ex ception IO Exception if an inpu t/output e rror occur s | |||||
| 75 | */ | 75 | */ | 75 | */ | |||||
| 76 | @Overr ide | 76 | @Overr ide | 76 | @Overr ide | |||||
| 77 |
p
ubli
c
|
77 | p rote c ted boolean doA uthenticat e(Request request, H ttpServlet Response r esponse) | 77 | protec ted boolea n doAuthen ticate(Req uest reque st, HttpSe rvletRespo nse respon se) | |||||
| 78 | th rows IOExc eption { | 78 | th rows IOExc eption { | 78 | th rows IOExc eption { | |||||
| 79 | 79 | 79 | ||||||||
| 80 | // Don't try and use S SO to auth enticate s ince there is no aut h | 80 | // Don't try and use S SO to auth enticate s ince there is no aut h | 80 | // Don't try and use S SO to auth enticate s ince there is no aut h | |||||
| 81 | // configure d for this web appli cation | 81 | // configure d for this web appli cation | 81 | // configure d for this web appli cation | |||||
| 82 | if (checkFor CachedAuth entication (request, response, true)) { | 82 | if (checkFor CachedAuth entication (request, response, true)) { | 82 | if (checkFor CachedAuth entication (request, response, true)) { | |||||
| 83 | // save the inheri ted Princi pal in thi s session so it can remain | 83 | // save the inheri ted Princi pal in thi s session so it can remain | 83 | // save the inheri ted Princi pal in thi s session so it can remain | |||||
| 84 | // authe nticated u ntil it ex pires | 84 | // authe nticated u ntil it ex pires | 84 | // authe nticated u ntil it ex pires | |||||
| 85 | if (cach e) { | 85 | if (cach e) { | 85 | if (cach e) { | |||||
| 86 | requ est.getSes sionIntern al(true).s etPrincipa l(request. getUserPri ncipal()); | 86 | requ est.getSes sionIntern al(true).s etPrincipa l(request. getUserPri ncipal()); | 86 | requ est.getSes sionIntern al(true).s etPrincipa l(request. getUserPri ncipal()); | |||||
| 87 | } | 87 | } | 87 | } | |||||
| 88 | return t rue; | 88 | return t rue; | 88 | return t rue; | |||||
| 89 | } | 89 | } | 89 | } | |||||
| 90 | 90 | 90 | ||||||||
| 91 | // No Princi pal means the user i s not alre ady authen ticated | 91 | // No Princi pal means the user i s not alre ady authen ticated | 91 | // No Princi pal means the user i s not alre ady authen ticated | |||||
| 92 | // and so wi ll not be assigned a ny roles. It is safe to | 92 | // and so wi ll not be assigned a ny roles. It is safe to | 92 | // and so wi ll not be assigned a ny roles. It is safe to | |||||
| 93 | // to say th e user is now authen ticated be cause acce ss to | 93 | // to say th e user is now authen ticated be cause acce ss to | 93 | // to say th e user is now authen ticated be cause acce ss to | |||||
| 94 | // protected resources will only be allowe d with a m atching ro le. | 94 | // protected resources will only be allowe d with a m atching ro le. | 94 | // protected resources will only be allowe d with a m atching ro le. | |||||
| 95 | // i.e. SC_F ORBIDDEN ( 403 status ) will be generated later. | 95 | // i.e. SC_F ORBIDDEN ( 403 status ) will be generated later. | 95 | // i.e. SC_F ORBIDDEN ( 403 status ) will be generated later. | |||||
| 96 | if (containe rLog.isDeb ugEnabled( )) | 96 | if (containe rLog.isDeb ugEnabled( )) | 96 | if (containe rLog.isDeb ugEnabled( )) | |||||
| 97 | containe rLog.debug ("User aut henticated without a ny roles") ; | 97 | containe rLog.debug ("User aut henticated without a ny roles") ; | 97 | containe rLog.debug ("User aut henticated without a ny roles") ; | |||||
| 98 | re turn true; | 98 | re turn true; | 98 | re turn true; | |||||
| 99 | } | 99 | } | 99 | } | |||||
| 100 | 100 | 100 | ||||||||
| 101 | 101 | 101 | ||||||||
| 102 | /** | 102 | /** | 102 | /** | |||||
| 103 | * Ret urn the au thenticati on method, which is vendor-spe cific and | 103 | * Ret urn the au thenticati on method, which is vendor-spe cific and | 103 | * Ret urn the au thenticati on method, which is vendor-spe cific and | |||||
| 104 | * not defined b y HttpServ letRequest . | 104 | * not defined b y HttpServ letRequest . | 104 | * not defined b y HttpServ letRequest . | |||||
| 105 | */ | 105 | */ | 105 | */ | |||||
| 106 | @Overr ide | 106 | @Overr ide | 106 | @Overr ide | |||||
| 107 | protec ted String getAuthMe thod() { | 107 | protec ted String getAuthMe thod() { | 107 | protec ted String getAuthMe thod() { | |||||
| 108 | re turn "NONE "; | 108 | re turn "NONE "; | 108 | re turn "NONE "; | |||||
| 109 | } | 109 | } | 109 | } | |||||
| 110 | } | 110 | } | 110 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993–2017 Araxis Ltd (www.araxis.com). All rights reserved.