Skip to content

Commit e053bfd

Browse files
committed
Start another round of code review
Add a tweak to cors, needs review.
1 parent f3dccd6 commit e053bfd

18 files changed

Lines changed: 59 additions & 41 deletions

java/org/apache/catalina/AccessLog.java

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -69,11 +69,11 @@ public interface AccessLog {
6969
* Should this valve use request attributes for IP address, hostname, protocol and port used for the request? The
7070
* attributes used are:
7171
* <ul>
72-
* <li>org.apache.catalina.RemoteAddr</li>
73-
* <li>org.apache.catalina.RemoteHost</li>
74-
* <li>org.apache.catalina.Protocol</li>
75-
* <li>org.apache.catalina.ServerName</li>
76-
* <li>org.apache.catalina.ServerPost</li>
72+
* <li>org.apache.catalina.AccessLog.RemoteAddr</li>
73+
* <li>org.apache.catalina.AccessLog.RemoteHost</li>
74+
* <li>org.apache.catalina.AccessLog.Protocol</li>
75+
* <li>org.apache.catalina.AccessLog.ServerName</li>
76+
* <li>org.apache.catalina.AccessLog.ServerPort</li>
7777
* </ul>
7878
*
7979
* @param requestAttributesEnabled <code>true</code> causes the attributes to be used, <code>false</code> causes the

java/org/apache/catalina/Authenticator.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ public interface Authenticator {
3737
* @param request Request we are processing
3838
* @param response Response we are populating
3939
*
40-
* @return <code>true</code> if any specified constraints have been satisfied, or <code>false</code> if one more
40+
* @return <code>true</code> if any specified constraints have been satisfied, or <code>false</code> if one or more
4141
* constraints were not satisfied (in which case an authentication challenge will have been written to
4242
* the response).
4343
*

java/org/apache/catalina/Context.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1618,7 +1618,7 @@ Set<String> addServletSecurity(ServletRegistration.Dynamic registration,
16181618
* class - IllegalArgumentException will be thrown.
16191619
*
16201620
* @param clazz Fully qualified class name
1621-
* @param method Post construct method name
1621+
* @param method Pre destroy method name
16221622
*
16231623
* @throws IllegalArgumentException if the fully qualified class name or method name are <code>NULL</code>; if there
16241624
* is already pre destroy method definition for the given class

java/org/apache/catalina/ant/AbstractCatalinaTask.java

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
import java.net.URI;
2727
import java.net.URISyntaxException;
2828
import java.net.URLConnection;
29+
import java.nio.charset.StandardCharsets;
2930

3031
import org.apache.catalina.util.IOTools;
3132
import org.apache.tomcat.util.http.Method;
@@ -46,13 +47,6 @@ public abstract class AbstractCatalinaTask extends BaseRedirectorHelperTask {
4647
protected AbstractCatalinaTask() {
4748
}
4849

49-
// ----------------------------------------------------- Instance Variables
50-
51-
/**
52-
* manager webapp's encoding.
53-
*/
54-
private static final String CHARSET = "utf-8";
55-
5650

5751
// ------------------------------------------------------------- Properties
5852

@@ -270,7 +264,7 @@ public void execute(String command, InputStream istream, String contentType, lon
270264
}
271265

272266
// Process the response message
273-
reader = new InputStreamReader(hconn.getInputStream(), CHARSET);
267+
reader = new InputStreamReader(hconn.getInputStream(), StandardCharsets.UTF_8);
274268
StringBuilder buff = new StringBuilder();
275269
String error = null;
276270
int msgPriority = Project.MSG_INFO;

java/org/apache/catalina/ant/JKStatusUpdateTask.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -366,8 +366,9 @@ private StringBuilder createLink() {
366366
sb.append("&ws=");
367367
sb.append(workerStopped);
368368
}
369-
if ((workerRedirect != null)) { // other worker conrecte lb's
369+
if ((workerRedirect != null)) { // redirect to other worker or load balancer
370370
sb.append("&wr=");
371+
sb.append(URLEncoder.encode(workerRedirect, getCharset()));
371372
}
372373
if ((workerClusterDomain != null)) {
373374
sb.append("&wc=");
@@ -400,10 +401,10 @@ protected void checkParameter() {
400401
throw new BuildException(
401402
"Must specify at a lb worker either" + "'lbStickySession' and 'lbForceSession' attribute");
402403
}
403-
if (null != lbRecovertime && 60 < lbRecovertime.intValue()) {
404+
if (null != lbRecovertime && lbRecovertime.intValue() < 60) {
404405
throw new BuildException("The 'lbRecovertime' must be greater than 59");
405406
}
406-
if (null != lbRetries && 1 < lbRetries.intValue()) {
407+
if (null != lbRetries && lbRetries.intValue() < 2) {
407408
throw new BuildException("The 'lbRetries' must be greater than 1");
408409
}
409410
isLBMode = true;

java/org/apache/catalina/authenticator/AuthenticatorBase.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -671,8 +671,9 @@ protected boolean allowCorsPreflightBypass(Request request) {
671671
// This is a subset of the tests in CorsFilter.checkRequestType
672672
if (Method.OPTIONS.equals(request.getMethod())) {
673673
String originHeader = request.getHeader(CorsFilter.REQUEST_HEADER_ORIGIN);
674-
if (originHeader != null && !originHeader.isEmpty() && RequestUtil.isValidOrigin(originHeader) &&
675-
!RequestUtil.isSameOrigin(request, originHeader)) {
674+
if (originHeader != null && !originHeader.isEmpty()
675+
&& !"null".equals(originHeader) && RequestUtil.isValidOrigin(originHeader)
676+
&& !RequestUtil.isSameOrigin(request, originHeader)) {
676677
String accessControlRequestMethodHeader =
677678
request.getHeader(CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
678679
if (accessControlRequestMethodHeader != null && !accessControlRequestMethodHeader.isEmpty()) {
@@ -1269,7 +1270,7 @@ public void login(String username, String password, Request request) throws Serv
12691270
* @param username The user
12701271
* @param password The password
12711272
*
1272-
* @return The authenticated Principal
1273+
* @return The non null authenticated Principal
12731274
*
12741275
* @throws ServletException No principal was authenticated with the specified credentials
12751276
*/

java/org/apache/catalina/authenticator/BasicAuthenticator.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,8 @@ public BasicAuthenticator() {
5151

5252
/**
5353
* Returns the character set used for encoding credentials, as set by the user.
54-
* If the charset was null or empty, the effective charset will be ISO-8859-1.
5554
*
56-
* @return the character set name
55+
* @return the character set name, the default value is "UTF-8"
5756
*/
5857
public String getCharset() {
5958
return charsetString;
@@ -65,6 +64,7 @@ public String getCharset() {
6564
* ISO-8859-1.
6665
*
6766
* @param charsetString the character set name
67+
* @throws IllegalArgumentException if the charset is not supported
6868
*/
6969
public void setCharset(String charsetString) {
7070
// Only acceptable options are null, "" or "UTF-8" (case-insensitive)
@@ -241,6 +241,7 @@ private void parseCredentials(byte[] decoded) throws IllegalArgumentException {
241241
}
242242
}
243243

244+
// Tomcat allows a null password
244245
if (colon < 0) {
245246
username = new String(decoded, charset);
246247
// password will remain null!

java/org/apache/catalina/authenticator/LocalStrings.properties

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,5 +94,6 @@ spnegoAuthenticator.ticketValidateFail=Failed to validate client supplied ticket
9494

9595
sslAuthenticatorValve.authFailed=Authentication with the provided certificates failed
9696
sslAuthenticatorValve.http2=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support HTTP/2. Use of CLIENT-CERT authentication is not compatible with the use of HTTP/2 unless certificateVerification is set to required.
97+
sslAuthenticatorValve.invalidContainer=The SSL authenticator valve must be associated with a Context container, with a parent Host and a parent Engine
9798
sslAuthenticatorValve.noCertificates=No certificates are included with this request
9899
sslAuthenticatorValve.tls13=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support TLS 1.3 using JSSE. Use of CLIENT-CERT authentication is not compatible with the use of TLS 1.3 and JSSE unless certificateVerification is set to required.

java/org/apache/catalina/authenticator/SSLAuthenticator.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -164,14 +164,17 @@ protected void startInternal() throws LifecycleException {
164164
*/
165165
Container container = getContainer();
166166
if (!(container instanceof Context context)) {
167+
log.warn(sm.getString("sslAuthenticatorValve.invalidContainer"));
167168
return;
168169
}
169170
container = context.getParent();
170171
if (!(container instanceof Host host)) {
172+
log.warn(sm.getString("sslAuthenticatorValve.invalidContainer"));
171173
return;
172174
}
173175
container = host.getParent();
174176
if (!(container instanceof Engine engine)) {
177+
log.warn(sm.getString("sslAuthenticatorValve.invalidContainer"));
175178
return;
176179
}
177180

java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,8 @@ public SimpleServerAuthContext(List<ServerAuthModule> modules) {
4949
/**
5050
* {@inheritDoc}
5151
* <p>
52-
* Iterates through the configured modules and returns the first result that is not {@code SEND_FAILURE}.
52+
* Iterates through the configured modules in order and returns the first result that is not
53+
* {@code SEND_FAILURE}. If all modules return {@code SEND_FAILURE}, returns {@code SEND_FAILURE}.
5354
*/
5455
@Override
5556
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)

0 commit comments

Comments
 (0)