Produced by Araxis Merge on 11/20/2017 2:15:52 PM GMT Standard Time.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | C:\Merge Test Files\8.0.47\java\org\apache\catalina\authenticator | SSLAuthenticator.java | Fri Sep 29 16:53:28 2017 UTC |
| 2 | C:\Merge Test Files\8.5.23\java\org\apache\catalina\authenticator | SSLAuthenticator.java | Thu Sep 28 11:32:16 2017 UTC |
| 3 | C:\Merge Test Files\9.0.1\java\org\apache\catalina\authenticator | SSLAuthenticator.java | Wed Sep 27 18:33:40 2017 UTC |
| Note: Merge considers the second file to be the common ancestor of the others. | |||
| Description | Between Files 1 and 2 |
Between Files 2 and 3 |
Relative to Common Ancestor |
|||
|---|---|---|---|---|---|---|
| Text Blocks | Lines | Text Blocks | Lines | Text Blocks | Lines | |
| Unchanged | 4 | 200 | 1 | 206 | ||
| Changed | 3 | 6 | 0 | 0 | 3 | 6 |
| Inserted | 0 | 0 | 0 | 0 | 0 | 0 |
| Removed | 0 | 0 | 0 | 0 | 0 | 0 |
| Note: An automatic merge would leave 0 conflict(s). | ||||||
| Whitespace | Consecutive whitespace is treated as a single space |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /* | 1 | /* | 1 | /* | |||||
| 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | 2 | * License d to the A pache Soft ware Found ation (ASF ) under on e or more | |||||
| 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | 3 | * contrib utor licen se agreeme nts. See the NOTICE file dist ributed wi th | |||||
| 4 | * this wo rk for add itional in formation regarding copyright ownership. | 4 | * this wo rk for add itional in formation regarding copyright ownership. | 4 | * this wo rk for add itional in formation regarding copyright ownership. | |||||
| 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | 5 | * The ASF licenses this file to You und er the Apa che Licens e, Version 2.0 | |||||
| 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | 6 | * (the "L icense"); you may no t use this file exce pt in comp liance wit h | |||||
| 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | 7 | * the Lic ense. You may obtai n a copy o f the Lice nse at | |||||
| 8 | * | 8 | * | 8 | * | |||||
| 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | 9 | * ht tp://www.a pache.org/ licenses/L ICENSE-2.0 | |||||
| 10 | * | 10 | * | 10 | * | |||||
| 11 | * Unless required b y applicab le law or agreed to in writing , software | 11 | * Unless required b y applicab le law or agreed to in writing , software | 11 | * Unless required b y applicab le law or agreed to in writing , software | |||||
| 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | 12 | * distrib uted under the Licen se is dist ributed on an "AS IS " BASIS, | |||||
| 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | 13 | * WITHOUT WARRANTIE S OR CONDI TIONS OF A NY KIND, e ither expr ess or imp lied. | |||||
| 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | 14 | * See the License f or the spe cific lang uage gover ning permi ssions and | |||||
| 15 | * limitat ions under the Licen se. | 15 | * limitat ions under the Licen se. | 15 | * limitat ions under the Licen se. | |||||
| 16 | */ | 16 | */ | 16 | */ | |||||
| 17 | package or g.apache.c atalina.au thenticato r; | 17 | package or g.apache.c atalina.au thenticato r; | 17 | package or g.apache.c atalina.au thenticato r; | |||||
| 18 | 18 | 18 | ||||||||
| 19 | import jav a.io.IOExc eption; | 19 | import jav a.io.IOExc eption; | 19 | import jav a.io.IOExc eption; | |||||
| 20 | import jav a.security .Principal ; | 20 | import jav a.security .Principal ; | 20 | import jav a.security .Principal ; | |||||
| 21 | import jav a.security .cert.X509 Certificat e; | 21 | import jav a.security .cert.X509 Certificat e; | 21 | import jav a.security .cert.X509 Certificat e; | |||||
| 22 | 22 | 22 | ||||||||
| 23 | import jav ax.servlet .http.Http ServletReq uest; | 23 | import jav ax.servlet .http.Http ServletReq uest; | 23 | import jav ax.servlet .http.Http ServletReq uest; | |||||
| 24 | import jav ax.servlet .http.Http ServletRes ponse; | 24 | import jav ax.servlet .http.Http ServletRes ponse; | 24 | import jav ax.servlet .http.Http ServletRes ponse; | |||||
| 25 | 25 | 25 | ||||||||
| 26 | import org .apache.ca talina.con nector.Req uest; | 26 | import org .apache.ca talina.con nector.Req uest; | 26 | import org .apache.ca talina.con nector.Req uest; | |||||
| 27 | 27 | 27 | ||||||||
| 28 | /** | 28 | /** | 28 | /** | |||||
| 29 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation o f authenti cation | 29 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation o f authenti cation | 29 | * An <b>A uthenticat or</b> and <b>Valve< /b> implem entation o f authenti cation | |||||
| 30 | * that ut ilizes SSL certifica tes to ide ntify clie nt users. | 30 | * that ut ilizes SSL certifica tes to ide ntify clie nt users. | 30 | * that ut ilizes SSL certifica tes to ide ntify clie nt users. | |||||
| 31 | * | 31 | * | 31 | * | |||||
| 32 | * @author Craig R. McClanahan | 32 | * @author Craig R. McClanahan | 32 | * @author Craig R. McClanahan | |||||
| 33 | */ | 33 | */ | 33 | */ | |||||
| 34 | public cla ss SSLAuth enticator extends Au thenticato rBase { | 34 | public cla ss SSLAuth enticator extends Au thenticato rBase { | 34 | public cla ss SSLAuth enticator extends Au thenticato rBase { | |||||
| 35 | 35 | 35 | ||||||||
| 36 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | 36 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | 36 | // --- ---------- ---------- ---------- ---------- ---------- ---- Publi c Methods | |||||
| 37 | 37 | 37 | ||||||||
| 38 | /** | 38 | /** | 38 | /** | |||||
| 39 | * Aut henticate the user b y checking for the e xistence o f a certif icate | 39 | * Aut henticate the user b y checking for the e xistence o f a certif icate | 39 | * Aut henticate the user b y checking for the e xistence o f a certif icate | |||||
| 40 | * cha in, valida ting it ag ainst the trust mana ger for th e connecto r and then | 40 | * cha in, valida ting it ag ainst the trust mana ger for th e connecto r and then | 40 | * cha in, valida ting it ag ainst the trust mana ger for th e connecto r and then | |||||
| 41 | * val idating th e user's i dentity ag ainst the configured Realm. | 41 | * val idating th e user's i dentity ag ainst the configured Realm. | 41 | * val idating th e user's i dentity ag ainst the configured Realm. | |||||
| 42 | * | 42 | * | 42 | * | |||||
| 43 | * @pa ram reques t Request we are pro cessing | 43 | * @pa ram reques t Request we are pro cessing | 43 | * @pa ram reques t Request we are pro cessing | |||||
| 44 | * @pa ram respon se Respons e we are c reating | 44 | * @pa ram respon se Respons e we are c reating | 44 | * @pa ram respon se Respons e we are c reating | |||||
| 45 | * | 45 | * | 45 | * | |||||
| 46 | * @ex ception IO Exception if an inpu t/output e rror occur s | 46 | * @ex ception IO Exception if an inpu t/output e rror occur s | 46 | * @ex ception IO Exception if an inpu t/output e rror occur s | |||||
| 47 | */ | 47 | */ | 47 | */ | |||||
| 48 | @Overr ide | 48 | @Overr ide | 48 | @Overr ide | |||||
| 49 |
p
ubli
c
|
49 | p rote c ted boolean doA uthenticat e(Request request, H ttpServlet Response r esponse) | 49 | protec ted boolea n doAuthen ticate(Req uest reque st, HttpSe rvletRespo nse respon se) | |||||
| 50 | throws I OException { | 50 | throws I OException { | 50 | throws I OException { | |||||
| 51 | 51 | 51 | ||||||||
| 52 | // NOTE: We don't try to reauthe nticate us ing any ex isting SSO session, | 52 | // NOTE: We don't try to reauthe nticate us ing any ex isting SSO session, | 52 | // NOTE: We don't try to reauthe nticate us ing any ex isting SSO session, | |||||
| 53 | // because t hat will o nly work i f the orig inal authe ntication was | 53 | // because t hat will o nly work i f the orig inal authe ntication was | 53 | // because t hat will o nly work i f the orig inal authe ntication was | |||||
| 54 | // BASIC or FORM, whic h are less secure th an the CLI ENT-CERT a uth-type | 54 | // BASIC or FORM, whic h are less secure th an the CLI ENT-CERT a uth-type | 54 | // BASIC or FORM, whic h are less secure th an the CLI ENT-CERT a uth-type | |||||
| 55 | // specified for this webapp | 55 | // specified for this webapp | 55 | // specified for this webapp | |||||
| 56 | // | 56 | // | 56 | // | |||||
| 57 | // Change to true belo w to allow previous FORM or BA SIC authen tications | 57 | // Change to true belo w to allow previous FORM or BA SIC authen tications | 57 | // Change to true belo w to allow previous FORM or BA SIC authen tications | |||||
| 58 | // to authen ticate use rs for thi s webapp | 58 | // to authen ticate use rs for thi s webapp | 58 | // to authen ticate use rs for thi s webapp | |||||
| 59 | // TODO make this a co nfigurable attribute (in Singl eSignOn??) | 59 | // TODO make this a co nfigurable attribute (in Singl eSignOn??) | 59 | // TODO make this a co nfigurable attribute (in Singl eSignOn??) | |||||
| 60 | if (checkFor CachedAuth entication (request, response, false)) { | 60 | if (checkFor CachedAuth entication (request, response, false)) { | 60 | if (checkFor CachedAuth entication (request, response, false)) { | |||||
| 61 | return t rue; | 61 | return t rue; | 61 | return t rue; | |||||
| 62 | } | 62 | } | 62 | } | |||||
| 63 | 63 | 63 | ||||||||
| 64 | // Retrieve the certif icate chai n for this client | 64 | // Retrieve the certif icate chai n for this client | 64 | // Retrieve the certif icate chai n for this client | |||||
| 65 | if (containe rLog.isDeb ugEnabled( )) { | 65 | if (containe rLog.isDeb ugEnabled( )) { | 65 | if (containe rLog.isDeb ugEnabled( )) { | |||||
| 66 | containe rLog.debug (" Looking up certif icates"); | 66 | containe rLog.debug (" Looking up certif icates"); | 66 | containe rLog.debug (" Looking up certif icates"); | |||||
| 67 | } | 67 | } | 67 | } | |||||
| 68 | 68 | 68 | ||||||||
| 69 | X5 09Certific ate certs[ ] = getReq uestCertif icates(req uest); | 69 | X5 09Certific ate certs[ ] = getReq uestCertif icates(req uest); | 69 | X5 09Certific ate certs[ ] = getReq uestCertif icates(req uest); | |||||
| 70 | 70 | 70 | ||||||||
| 71 | if ((certs = = null) || (certs.le ngth < 1)) { | 71 | if ((certs = = null) || (certs.le ngth < 1)) { | 71 | if ((certs = = null) || (certs.le ngth < 1)) { | |||||
| 72 | if (cont ainerLog.i sDebugEnab led()) { | 72 | if (cont ainerLog.i sDebugEnab led()) { | 72 | if (cont ainerLog.i sDebugEnab led()) { | |||||
| 73 | cont ainerLog.d ebug(" No certifica tes includ ed with th is request "); | 73 | cont ainerLog.d ebug(" No certifica tes includ ed with th is request "); | 73 | cont ainerLog.d ebug(" No certifica tes includ ed with th is request "); | |||||
| 74 | } | 74 | } | 74 | } | |||||
| 75 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | 75 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | 75 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | |||||
| 76 | sm.getStri ng("authen ticator.ce rtificates ")); | 76 | sm.getStri ng("authen ticator.ce rtificates ")); | 76 | sm.getStri ng("authen ticator.ce rtificates ")); | |||||
| 77 | return f alse; | 77 | return f alse; | 77 | return f alse; | |||||
| 78 | } | 78 | } | 78 | } | |||||
| 79 | 79 | 79 | ||||||||
| 80 | // Authentic ate the sp ecified ce rtificate chain | 80 | // Authentic ate the sp ecified ce rtificate chain | 80 | // Authentic ate the sp ecified ce rtificate chain | |||||
| 81 | Pr incipal pr incipal = context.ge tRealm().a uthenticat e(certs); | 81 | Pr incipal pr incipal = context.ge tRealm().a uthenticat e(certs); | 81 | Pr incipal pr incipal = context.ge tRealm().a uthenticat e(certs); | |||||
| 82 | if (principa l == null) { | 82 | if (principa l == null) { | 82 | if (principa l == null) { | |||||
| 83 | if (cont ainerLog.i sDebugEnab led()) { | 83 | if (cont ainerLog.i sDebugEnab led()) { | 83 | if (cont ainerLog.i sDebugEnab led()) { | |||||
| 84 | cont ainerLog.d ebug(" Re alm.authen ticate() r eturned fa lse"); | 84 | cont ainerLog.d ebug(" Re alm.authen ticate() r eturned fa lse"); | 84 | cont ainerLog.d ebug(" Re alm.authen ticate() r eturned fa lse"); | |||||
| 85 | } | 85 | } | 85 | } | |||||
| 86 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | 86 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | 86 | response .sendError (HttpServl etResponse .SC_UNAUTH ORIZED, | |||||
| 87 | sm.getStr ing("authe nticator.u nauthorize d")); | 87 | sm.getStr ing("authe nticator.u nauthorize d")); | 87 | sm.getStr ing("authe nticator.u nauthorize d")); | |||||
| 88 | return ( false ) ; | 88 |
return
|
88 | return f alse; | |||||
| 89 | } | 89 | } | 89 | } | |||||
| 90 | 90 | 90 | ||||||||
| 91 | // Cache the principal (if reque sted) and record thi s authenti cation | 91 | // Cache the principal (if reque sted) and record thi s authenti cation | 91 | // Cache the principal (if reque sted) and record thi s authenti cation | |||||
| 92 | re gister(req uest, resp onse, prin cipal, | 92 | re gister(req uest, resp onse, prin cipal, | 92 | re gister(req uest, resp onse, prin cipal, | |||||
| 93 | Http ServletReq uest.CLIEN T_CERT_AUT H, null, n ull); | 93 | Http ServletReq uest.CLIEN T_CERT_AUT H, null, n ull); | 93 | Http ServletReq uest.CLIEN T_CERT_AUT H, null, n ull); | |||||
| 94 | return ( true ) ; | 94 |
return
|
94 | re turn true; | |||||
| 95 | 95 | 95 | ||||||||
| 96 | } | 96 | } | 96 | } | |||||
| 97 | 97 | 97 | ||||||||
| 98 | 98 | 98 | ||||||||
| 99 | @Overr ide | 99 | @Overr ide | 99 | @Overr ide | |||||
| 100 | protec ted String getAuthMe thod() { | 100 | protec ted String getAuthMe thod() { | 100 | protec ted String getAuthMe thod() { | |||||
| 101 | re turn HttpS ervletRequ est.CLIENT _CERT_AUTH ; | 101 | re turn HttpS ervletRequ est.CLIENT _CERT_AUTH ; | 101 | re turn HttpS ervletRequ est.CLIENT _CERT_AUTH ; | |||||
| 102 | } | 102 | } | 102 | } | |||||
| 103 | } | 103 | } | 103 | } |
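Review bot: The Javadoc on `doAuthenticate` (file lines 39-41) says the certificate chain is validated against the connector's trust manager, but the body shown performs no trust check. It only calls `getRequestCertificates(request)`, rejects a null or empty array, and passes the chain to `context.getRealm().authenticate(certs)`. If validation happens during the TLS handshake or inside `getRequestCertificates` (defined outside this file, so this cannot be confirmed here), the comment should say so, for example `Retrieves the client certificate chain, which is expected to have been trust-validated before this point, and maps it to a Principal via the configured Realm.` Separately, the debug message on file line 84 reads `Realm.authenticate() returned false` although the branch tests `principal == null`, so `returned null` would be accurate. Both points apply to all three compared versions.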