[jboss-cvs] JBossAS SVN: r59061 - branches/JBoss_4_0_3_SP1_JBAS-3944/tomcat/src/main/org/jboss/web/tomcat/security

[jboss-cvs-commits at lists.jboss.org]

Author: galder.zamarreno at jboss.com
Date: 2006-12-15 07:42:46 -0500 (Fri, 15 Dec 2006)
New Revision: 59061

Modified:
   branches/JBoss_4_0_3_SP1_JBAS-3944/tomcat/src/main/org/jboss/web/tomcat/security/BasicAuthValve.java
Log:
[JBAS-3944] Added JBAS-2650

Modified: branches/JBoss_4_0_3_SP1_JBAS-3944/tomcat/src/main/org/jboss/web/tomcat/security/BasicAuthValve.java
===================================================================
--- branches/JBoss_4_0_3_SP1_JBAS-3944/tomcat/src/main/org/jboss/web/tomcat/security/BasicAuthValve.java	2006-12-14 18:37:14 UTC (rev 59060)
+++ branches/JBoss_4_0_3_SP1_JBAS-3944/tomcat/src/main/org/jboss/web/tomcat/security/BasicAuthValve.java	2006-12-15 12:42:46 UTC (rev 59061)
@@ -1,9 +1,24 @@
 /*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
 package org.jboss.web.tomcat.security;
 
 import java.io.IOException;
@@ -29,7 +44,11 @@
    private static Logger log = Logger.getLogger(BasicAuthValve.class);
    private static boolean trace = log.isTraceEnabled();
 
+   /** Should the exception message be used as the request status message */
    private boolean useExceptionAsMsg = false;
+   /** A flag indicating if the auth exception thread local should be cleared */
+   private boolean clearAuthException = true;
+   /** The name of the reply header to use to return the exception message */
    private String exceptionHeader = null;
 
    public boolean isUseExceptionAsMsg()
@@ -55,7 +74,7 @@
    {
       getNext().invoke(request, response);
       // Check the SecurityAssociation context exception
-      Throwable t = (Throwable) SecurityAssociationActions.getAuthException();
+      Throwable t = SecurityAssociationActions.getAuthException();
       int status = response.getStatus();
       
       if( trace )
@@ -72,6 +91,18 @@
          // Set the response exception header
          if( exceptionHeader != null )
             response.setHeader(exceptionHeader, msg);
+         // Clear the exception thread local
+         if( clearAuthException )
+         {
+            try
+            {
+               SecurityAssociationActions.clearAuthException();
+            }
+            catch(Throwable e)
+            {
+               log.warn("Unable to clear auth exception ", e);
+            }
+         }
       }
    }
 }