Author: shane.bryzak(a)jboss.com
Date: 2008-01-30 22:40:19 -0500 (Wed, 30 Jan 2008)
New Revision: 7318
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
Log:
JBSEAM-2556
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-30 21:49:43 UTC (rev
7317)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-31 03:40:19 UTC (rev
7318)
@@ -255,6 +255,8 @@
}
finally
{
+ // Set password to null whether authentication is successful or not
+ password = null;
authenticating = false;
}
}
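Review bot: Moving `password = null` into the `finally` block clears the credential on the exception path as well as on success and failure, but it only drops the reference — if `password` is a `String` (its declaration is outside this hunk) the plaintext stays reachable on the heap until the collector runs, so this is reference hygiene rather than a memory wipe. The comment should say that so nobody later reads it as a scrub, e.g. `// Drop the password reference on every exit path (success, failure, exception); a String cannot be zeroed, so this limits exposure rather than eliminating it`. The enclosing authenticate method starts before this hunk, so whether the same method also clears any other copy of the credential cannot be seen here.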
@@ -290,8 +292,6 @@
}
preAuthenticationRoles.clear();
}
-
- password = null;
if (Events.exists()) Events.instance().raiseEvent(EVENT_POST_AUTHENTICATE, this);
}
Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
===================================================================
--- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-01-30 21:49:43 UTC
(rev 7317)
+++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-01-31 03:40:19 UTC
(rev 7318)
@@ -114,6 +114,9 @@
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
+ // Force session creation
+ httpRequest.getSession();
+
if (AUTH_TYPE_BASIC.equals(authType))
processBasicAuth(httpRequest, httpResponse, chain);
else if (AUTH_TYPE_DIGEST.equals(authType))
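Review bot: `httpRequest.getSession()` on the new line mints a server-side session for every request that reaches this filter, authenticated or not, so anonymous traffic (crawlers, credential-stuffing attempts against the basic/digest endpoints) now allocates session state that lives until the container's session timeout; that is a deliberate resource trade-off and the comment should record why it is needed rather than just that it happens. Presumably the session is required so the session-backed context used later in this file has a map to read the Identity from — if so, say it: `// Force session creation: the Identity lookup below needs a session-backed context even for anonymous requests`. A session created before login should also be invalidated or its id regenerated on successful authentication to avoid fixation; whether that happens is not visible in this hunk. The enclosing doFilter method starts before this hunk.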
@@ -155,7 +158,7 @@
}
}
- if (!identity.isLoggedIn() && !identity.isCredentialsSet())
+ if (!requireAuth && !identity.isLoggedIn() &&
!identity.isCredentialsSet())
{
requireAuth = true;
}
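Review bot: The added `!requireAuth &&` guard on the new condition does not change the outcome, because the body only assigns `requireAuth = true`, which is a no-op when it is already true; unless `identity.isLoggedIn()` or `identity.isCredentialsSet()` has side effects (not visible here), the only effect is to skip those two calls. If skipping the identity probe once an earlier check has already demanded authentication is the intent, a one-line comment would make that explicit, e.g. `// auth already required by an earlier check; don't re-probe the identity`. The enclosing method starts before this hunk, so the earlier assignment to `requireAuth` that this guard reacts to cannot be seen from here.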
@@ -184,7 +187,8 @@
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException
{
- Identity identity = (Identity) request.getSession().getAttribute(
Seam.getComponentName(Identity.class) );
+ Context ctx = new SessionContext( new ServletRequestSessionMap(request) );
+ Identity identity = (Identity) ctx.get(Identity.class);
boolean requireAuth = false;
boolean nonceExpired = false;