Author: shane.bryzak(a)jboss.com Date: 2008-02-03 20:06:20 -0500 (Sun, 03 Feb 2008) New Revision: 7350 Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java Log: authenticate all requests Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java =================================================================== --- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-02-03 15:28:16 UTC (rev 7349) +++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-02-04 01:06:20 UTC (rev 7350) @@ -15,7 +15,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.jboss.seam.Seam; import org.jboss.seam.annotations.Install; import org.jboss.seam.annotations.Logger; import org.jboss.seam.annotations.Name; @@ -153,12 +152,20 @@ // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated if (!username.equals(identity.getUsername()) || !identity.isLoggedIn()) { - identity.setUsername(username); - identity.setPassword(password); - } + try + { + identity.setPassword(password); + authenticate( request, username ); + } + catch (Exception ex) + { + log.error("Error authenticating: " + ex.getMessage()); + requireAuth = true; + } + } } - if (!requireAuth && !identity.isLoggedIn() && !identity.isCredentialsSet()) + if (!identity.isLoggedIn() && !identity.isCredentialsSet()) { requireAuth = true; }