Author: remy.maucherat(a)jboss.com
Date: 2012-11-12 10:55:36 -0500 (Mon, 12 Nov 2012)
New Revision: 2120
Modified:
branches/7.0.x/java/org/apache/catalina/authenticator/FormAuthenticator.java
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
Log:
Change session id (if configured) before forwarding to login page.
Modified: branches/7.0.x/java/org/apache/catalina/authenticator/FormAuthenticator.java
===================================================================
---
branches/7.0.x/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012-11-09
16:52:26 UTC (rev 2119)
+++
branches/7.0.x/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012-11-12
15:55:36 UTC (rev 2120)
@@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -356,6 +357,14 @@
*/
protected void forwardToLoginPage(Request request, HttpServletResponse response,
LoginConfig config)
throws IOException {
+ if (changeSessionIdOnAuthentication) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ Manager manager = request.getContext().getManager();
+ manager.changeSessionId(session, request.getRandom());
+ request.changeSessionId(session.getId());
+ }
+ }
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher(config.getLoginPage());
try {
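Review bot: The block added at the top of forwardToLoginPage rotates the session ID with no comment saying why this happens before the forward rather than only after a successful login. Given the flag name this looks like session-fixation hardening, and a line such as `// Issue a new session ID before serving the login form so an ID handed out earlier is not reused for the login exchange` would record that intent. The manager is fetched through `request.getContext().getManager()` while the following lines use the `context` field, and the result is dereferenced without a null check; this is fine if both always refer to the same context with a manager configured, but it is worth confirming. The same block is added unchanged in the 7.2.x hunk further down, and the method body continues past the end of both hunks.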
Modified:
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
===================================================================
---
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012-11-09
16:52:26 UTC (rev 2119)
+++
branches/7.2.x/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java 2012-11-12
15:55:36 UTC (rev 2120)
@@ -33,6 +33,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -357,6 +358,14 @@
*/
protected void forwardToLoginPage(Request request, HttpServletResponse response,
LoginConfig config)
throws IOException {
+ if (changeSessionIdOnAuthentication) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ Manager manager = request.getContext().getManager();
+ manager.changeSessionId(session, request.getRandom());
+ request.changeSessionId(session.getId());
+ }
+ }
RequestDispatcher disp =
context.getServletContext().getRequestDispatcher(config.getLoginPage());
try {