Author: mposolda
Date: 2011-11-25 05:06:30 -0500 (Fri, 25 Nov 2011)
New Revision: 8145
Modified:
epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
Log:
GTNMGMT-33 Fix NPE in PortalLoginModule, which can happen during CLI login
Modified:
epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-11-25
10:00:28 UTC (rev 8144)
+++
epp/portal/branches/EPP_5_2_Branch/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-11-25
10:06:30 UTC (rev 8145)
@@ -1,16 +1,20 @@
-/**
- * Copyright (C) 2009 eXo Platform SAS.
- *
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2011, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
- *
+ *
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
@@ -26,12 +30,8 @@
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.AbstractLoginModule;
-import org.exoplatform.web.login.InitiateLoginServlet;
import org.gatein.wci.security.Credentials;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
@@ -92,7 +92,15 @@
try
{
- HttpServletRequest request =
(HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ HttpServletRequest request = getCurrentHttpServletRequest();
+
+ // This can be the case with CLI login
+ if (request == null)
+ {
+ log.debug("Unable to find HTTPServletRequest.");
+ return false;
+ }
+
authCredentials =
(Credentials)request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
// If authenticated credentials were presented in HTTP session, it means that
we were already logged on different cluster node
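Review bot: The `request.getSession()` call right after the new null check creates a session when the request has none, although this code only reads `AUTHENTICATED_CREDENTIALS` from it. Using `HttpSession session = request.getSession(false);` and treating a null session like absent credentials would avoid allocating a session before authentication has succeeded. Whether a session is always present at this point cannot be told from the hunk, so this may only matter for requests that reach the module without going through the login servlet. The enclosing method starts and ends outside the hunk.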
@@ -139,6 +147,7 @@
{
// Add authenticated credentials to session only if we were logged on this host
with "real" credentials
if (getContextMethod != null &&
+ isClusteredSSO() &&
sharedState.containsKey("javax.security.auth.login.name") &&
sharedState.containsKey("javax.security.auth.login.password")
&&
sharedState.get(LOGIN_ON_DIFFERENT_NODE) == null)
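Review bot: The added `isClusteredSSO() &&` condition changes when the authenticated credentials are written to the HTTP session, which the log message (an NPE fix for CLI login) does not mention, and the comment above the `if` still describes only the "real" credentials case. `isClusteredSSO()` is defined outside this hunk, so its semantics cannot be checked here. Assuming it reports whether clustered SSO is configured, the comment could read `// Add authenticated credentials to session only when clustered SSO is enabled and we were logged on this host with "real" credentials`. Because this gate decides whether a username/password pair is kept in the session, it deserves its own line in the commit log. The body of the `if` continues outside the hunk.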
@@ -150,9 +159,18 @@
HttpServletRequest request = null;
try
{
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
- handleCredentialsRemoving(request);
+ request = getCurrentHttpServletRequest();
+
+ // This can be the case with CLI login
+ if (request == null)
+ {
+ log.debug("Unable to find HTTPServletRequest.");
+ }
+ else
+ {
+ request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
+ handleCredentialsRemoving(request);
+ }
}
catch(Exception e)
{
@@ -201,4 +219,22 @@
// TODO: We can't remove credentials from HTTP session right now because
WSRP-Security relies on it. See method WSSecurityCredentialHelper.handleRequest
// request.getSession().removeAttribute(Credentials.CREDENTIALS);
}
+
+ private HttpServletRequest getCurrentHttpServletRequest()
+ {
+ HttpServletRequest request = null;
+ try
+ {
+ if (getContextMethod != null)
+ {
+ request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ }
+ }
+ catch (Exception e)
+ {
+ log.debug("Exception when trying to obtain HTTPServletRequest.", e);
+ }
+
+ return request;
+ }
}
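Review bot: `getCurrentHttpServletRequest()` catches every `Exception` and logs it only at debug level, so a reflective failure (for example an `InvocationTargetException`, or a `ClassCastException` on the returned object) reaches callers as the same `null` that a CLI login produces. In the login path that makes the module return false with no trace at default log levels, and in the commit path the credentials are silently not stored. Consider raising the level for the exception case, e.g. `log.warn("Exception when trying to obtain HTTPServletRequest.", e);`, or catching only the reflection exceptions. A short Javadoc stating that the method returns null when no servlet request is available (as with CLI login) or the lookup fails would also help callers.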