Produced by Araxis Merge on 12/5/2017 12:06:49 PM Central Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\TomcatAdapter\main\src\java\gov\va\med\server\tomcat | TomcatBasicAuthenticatorValve.java | Mon Dec 4 21:34:46 2017 UTC |
| 2 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\TomcatAdapter\main\src\java\gov\va\med\server\tomcat | TomcatBasicAuthenticatorValve.java | Mon Dec 4 22:05:57 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 3 | 172 |
| Changed | 2 | 4 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /** | |
| 2 | * | |
| 3 | Package: MAG - Vis tA Imaging | |
| 4 | WARNING: Per VHA D irective 2 004-038, t his routin e should n ot be modi fied. | |
| 5 | Date Cre ated: May 19, 2011 | |
| 6 | Site Nam e: Washin gton OI Fi eld Office , Silver S pring, MD | |
| 7 | Developer:
|
|
| 8 | Descript ion: | |
| 9 | ||
| 10 | ;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- + | |
| 11 | ;; Property of the US Government . | |
| 12 | ;; No permis sion to co py or redi stribute t his softwa re is give n. | |
| 13 | ;; Use of un released v ersions of this soft ware requi res the us er | |
| 14 | ;; to execu te a writt en test ag reement wi th the Vis tA Imaging | |
| 15 | ;; Developm ent Office of the De partment o f Veterans Affairs, | |
| 16 | ;; telephon e (301) 73 4-0100. | |
| 17 | ;; | |
| 18 | ;; The Food and Drug A dministrat ion classi fies this software a s | |
| 19 | ;; a Class I I medical device. A s such, it may not b e changed | |
| 20 | ;; in any wa y. Modifi cations to this soft ware may r esult in a n | |
| 21 | ;; adulterat ed medical device un der 21CFR8 20, the us e of which | |
| 22 | ;; is consid ered to be a violati on of US F ederal Sta tutes. | |
| 23 | ;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- + | |
| 24 | ||
| 25 | */ | |
| 26 | package go v.va.med.s erver.tomc at; | |
| 27 | ||
| 28 | import gov .va.med.im aging.tomc at.vistare alm.RealmE rrorContex t; | |
| 29 | ||
| 30 | import jav a.io.IOExc eption; | |
| 31 | ||
| 32 | import org .apache.ca talina.con nector.Req uest; | |
| 33 | import org .apache.ca talina.con nector.Res ponse; | |
| 34 | //import o rg.apache. catalina.d eploy.Logi nConfig; | |
| 35 | import org .apache.to mcat.util. descriptor .web.Login Config; | |
| 36 | import org .apache.lo gging.log4 j.LogManag er; | |
| 37 | import org .apache.lo gging.log4 j.Logger; | |
| 38 | ||
| 39 | ||
| 40 | /** | |
| 41 | * This ex tends the Basic auth entication valve for Tomcat an d checks f or values on thread local to a dd as resp onse heade rs. | |
| 42 | * This al lows a cli ent to kno w why an a uthenticat ion failed | |
| 43 | * | |
| 44 | * @author
|
|
| 45 | * | |
| 46 | */ | |
| 47 | public cla ss TomcatB asicAuthen ticatorVal ve | |
| 48 | extends or g.apache.c atalina.au thenticato r.BasicAut henticator | |
| 49 | { | |
| 50 | pr ivate fina l static L ogger logg er = LogMa nager.getL ogger(Tomc atBasicAut henticator Valve.clas s); | |
| 51 | pu blic final static St ring httpH eaderAuthe nticateErr orMessage = "xxx-aut henticate- error-mess age"; | |
| 52 | pu blic final static St ring httpH eaderAuthe nticateErr orName = " xxx-authen ticate-err or-name"; | |
| 53 | pu blic final static St ring httpH eaderSkipV istaAuthen tication = "xxx-skip -vista-aut henticatio n"; | |
| 54 | ||
| 55 | pu blic Tomca tBasicAuth enticatorV alve() | |
| 56 | { | |
| 57 | supe r(); | |
| 58 | logg er.info("T omcatBasic Authentica torValve < ctor>"); | |
| 59 | } | |
| 60 | ||
| 61 | // @Override | |
| 62 | pu blic boole an authent icate(Requ est reques t, Respons e response , LoginCon fig loginC onfig) | |
| 63 | throws IOExcepti on | |
| 64 | { | |
| 65 | // m ust clear before cal ling to en sure not u sing a pre vious atte mpts data (since thr eads are r ecycled) | |
| 66 | Real mErrorCont ext.clear( ); | |
| 67 | logg er.debug(" Authentica ting via T omcatBasic Authentica torValue." ); | |
| 68 | Stri ng skipVis taAuthenti cationStri ng = requ est.getHea der(httpHe aderSkipVi staAuthent ication); | |
| 69 | if(s kipVistaAu thenticati onString ! = null){ | |
| 70 | RealmE rrorContex t.setSkipV istaAuthen tication(s kipVistaAu thenticati onString); | |
| 71 | } | |
| 72 | //bo olean resu lt = super .authentic ate(reques t, respons e, loginCo nfig); | |
| 73 | bool ean result = super.a uthenticat e(request, response) ; | |
| 74 | if(! result) | |
| 75 | { | |
| 76 | String errorMess age = Real mErrorCont ext.getPro perty(Real mErrorCont ext.realmE rrorContex tException Message); | |
| 77 | String exception Class = Re almErrorCo ntext.getP roperty(Re almErrorCo ntext.real mErrorCont extExcepti onName); | |
| 78 | logger .debug("au thenticati on failed with error '" + (exc eptionClas s == null ? "<null>" : excepti onClass) + "' and me ssage '" + (errorMes sage == nu ll ? "<nul l>" : erro rMessage) + "'."); | |
| 79 | if(err orMessage != null) | |
| 80 | response .addHeader (httpHeade rAuthentic ateErrorMe ssage, err orMessage) ; | |
| 81 | if(exc eptionClas s != null) | |
| 82 | response .addHeader (httpHeade rAuthentic ateErrorNa me, except ionClass); | |
| 83 | } | |
| 84 | Real mErrorCont ext.unsetR ealmErrorC ontext(); | |
| 85 | retu rn result; | |
| 86 | } | |
| 87 | ||
| 88 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.