Author: shane.bryzak(a)jboss.com Date: 2008-08-15 04:53:19 -0400 (Fri, 15 Aug 2008) New Revision: 8695 Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java Log: JBSEAM-3109 Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java =================================================================== --- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-08-15 08:40:05 UTC (rev 8694) +++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-08-15 08:53:19 UTC (rev 8695) @@ -152,7 +152,8 @@ } // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated - if (!username.equals(credentials.getUsername()) || !identity.isLoggedIn()) + if (credentials != null && !username.equals(credentials.getUsername()) || + (identity != null && !identity.isLoggedIn())) { try { @@ -167,7 +168,7 @@ } } - if (!identity.isLoggedIn() && !credentials.isSet()) + if (identity != null && !identity.isLoggedIn() && credentials != null && !credentials.isSet()) { requireAuth = true; } @@ -185,7 +186,7 @@ requireAuth = true; } - if (requireAuth && !identity.isLoggedIn()) + if ((requireAuth && (identity != null && !identity.isLoggedIn())) || identity == null) { response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\""); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized"); @@ -250,7 +251,7 @@ } } - if (!identity.isLoggedIn() && !credentials.isSet()) + if (identity != null && !identity.isLoggedIn() && credentials != null && !credentials.isSet()) { requireAuth = true; } @@ -268,7 +269,7 @@ requireAuth = true; } - if (requireAuth && !identity.isLoggedIn()) + if ((requireAuth && (identity != null && !identity.isLoggedIn())) || identity == null) { long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);