[jboss-cvs] JBossAS SVN: r76431 - branches/JBoss_4_0_5_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Jul 29 14:46:20 EDT 2008
Author: mmoyses
Date: 2008-07-29 14:46:20 -0400 (Tue, 29 Jul 2008)
New Revision: 76431
Modified:
branches/JBoss_4_0_5_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedFormAuthenticator.java
Log:
JBAS-4592: removed NPE when session timed out in the login page.
Modified: branches/JBoss_4_0_5_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedFormAuthenticator.java
===================================================================
--- branches/JBoss_4_0_5_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedFormAuthenticator.java 2008-07-29 18:25:46 UTC (rev 76430)
+++ branches/JBoss_4_0_5_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedFormAuthenticator.java 2008-07-29 18:46:20 UTC (rev 76431)
@@ -31,7 +31,6 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
-
import org.jboss.logging.Logger;
/**
@@ -48,20 +47,25 @@
public class ExtendedFormAuthenticator extends FormAuthenticator
{
public static final String LOGIN_EXCEPTION = "j_exception";
+
public static final String DID_POPULATE = "did_populate";
+
private static Logger log = Logger.getLogger(ExtendedFormAuthenticator.class);
+
private static boolean trace = log.isTraceEnabled();
+
private boolean includePassword;
public boolean isIncludePassword()
{
return includePassword;
}
+
public void setIncludePassword(boolean includePassword)
{
this.includePassword = includePassword;
}
-
+
/**
* Authenticate the user making this request, based on the specified
* login configuration. Return <code>true</code> if any specified
@@ -75,10 +79,8 @@
*
* @exception IOException if an input/output error occurs
*/
- public boolean authenticate(Request request,
- Response response,
- LoginConfig config)
- throws IOException {
+ public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException
+ {
boolean didPopulate = false;
@@ -86,28 +88,28 @@
boolean alreadyAuthenticated = super.authenticate(request, response, config);
Session session = request.getSessionInternal(false);
- if(session != null)
+ if (session != null)
{
- //get session note(used internally) to indicate if did populateSession.
- Boolean b = (Boolean)session.getNote(DID_POPULATE);
- if(b!=null)
- didPopulate = b.booleanValue();
+ //get session note(used internally) to indicate if did populateSession.
+ Boolean b = (Boolean) session.getNote(DID_POPULATE);
+ if (b != null)
+ didPopulate = b.booleanValue();
}
//if user not already authenticated and did populate not called..
- if(!alreadyAuthenticated && !didPopulate)
+ if (!alreadyAuthenticated && !didPopulate)
{
- populateSession(request);
+ populateSession(request);
}
//remove the note since not needed anymore, if set.
- session.removeNote(DID_POPULATE);
+ if (session != null)
+ session.removeNote(DID_POPULATE);
//pass return value on.
return alreadyAuthenticated;
}
-
/**
* Dispatch to the form error-page
*
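Review bot: The cleanup at the end of authenticate clears only the DID_POPULATE note, while the values that populateSession (re-indented in the last hunk) stores in the HttpSession stay there: Constants.FORM_USERNAME, LOGIN_EXCEPTION and, when includePassword is set, the cleartext Constants.FORM_PASSWORD. Nothing visible in this diff removes them once the login or error page has rendered, so they presumably persist for the session's lifetime and into any session persistence or replication that is configured; worth confirming. At minimum document this next to the new guard, e.g. `// only the note is cleared; login attributes set by populateSession remain in the HttpSession`, and in the Javadoc of setIncludePassword. The new `if (session != null)` is also left unbraced, unlike the braced `if` blocks above it: `if (session != null) { session.removeNote(DID_POPULATE); }`. authenticate's signature and first lines are outside this hunk.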
@@ -118,7 +120,7 @@
*/
protected void forwardToErrorPage(Request request, Response response, LoginConfig config)
{
- if( trace )
+ if (trace)
log.trace("forwardToErrorPage");
populateSession(request);
super.forwardToErrorPage(request, response, config);
@@ -135,7 +137,7 @@
*/
protected void forwardToLoginPage(Request request, Response response, LoginConfig config)
{
- if( trace )
+ if (trace)
log.trace("forwardToLoginPage");
populateSession(request);
super.forwardToLoginPage(request, response, config);
@@ -153,43 +155,43 @@
Session session = request.getSessionInternal(false);
//if there is a session to store data under...
- if(session != null)
+ if (session != null)
{
- HttpSession httpSession = session.getSession();
+ HttpSession httpSession = session.getSession();
- if(trace)
- log.trace("SessionID: " + httpSession.getId());
+ if (trace)
+ log.trace("SessionID: " + httpSession.getId());
- //store username.
- String username = request.getParameter(Constants.FORM_USERNAME);
- if(trace)
- log.trace("Setting " + Constants.FORM_USERNAME + " = " + username);
- httpSession.setAttribute(Constants.FORM_USERNAME, username);
+ //store username.
+ String username = request.getParameter(Constants.FORM_USERNAME);
+ if (trace)
+ log.trace("Setting " + Constants.FORM_USERNAME + " = " + username);
+ httpSession.setAttribute(Constants.FORM_USERNAME, username);
- //store password if requested.
- if(includePassword)
- {
- String password = request.getParameter(Constants.FORM_PASSWORD);
- String displayPassword = (password==null?" = null":" = --hidden--");
- if(trace)
- log.trace("Setting " + Constants.FORM_PASSWORD + displayPassword);
- httpSession.setAttribute(Constants.FORM_PASSWORD, password);
- }
+ //store password if requested.
+ if (includePassword)
+ {
+ String password = request.getParameter(Constants.FORM_PASSWORD);
+ String displayPassword = (password == null ? " = null" : " = --hidden--");
+ if (trace)
+ log.trace("Setting " + Constants.FORM_PASSWORD + displayPassword);
+ httpSession.setAttribute(Constants.FORM_PASSWORD, password);
+ }
- //store SecurityAssociation context exception.
- Throwable t = SecurityAssociationActions.getAuthException();
- if(trace)
- log.trace("Setting " + LOGIN_EXCEPTION + " = " + t);
- httpSession.setAttribute(LOGIN_EXCEPTION, t);
-
- //finally, set a note so we do not do this again.
- session.setNote(DID_POPULATE, Boolean.TRUE);
+ //store SecurityAssociation context exception.
+ Throwable t = SecurityAssociationActions.getAuthException();
+ if (trace)
+ log.trace("Setting " + LOGIN_EXCEPTION + " = " + t);
+ httpSession.setAttribute(LOGIN_EXCEPTION, t);
+
+ //finally, set a note so we do not do this again.
+ session.setNote(DID_POPULATE, Boolean.TRUE);
}
else
{
- if(trace)
- log.trace("No Session to store login parameters in");
+ if (trace)
+ log.trace("No Session to store login parameters in");
}
}
-
+
}