[seam-commits] Seam SVN: r8696 - trunk/src/main/org/jboss/seam/web.

[seam-commits at lists.jboss.org]

Author: shane.bryzak at jboss.com
Date: 2008-08-15 05:25:22 -0400 (Fri, 15 Aug 2008)
New Revision: 8696

Modified:
   trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
Log:
force session creation when credentials are passed in the initial request

Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
===================================================================
--- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java	2008-08-15 08:53:19 UTC (rev 8695)
+++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java	2008-08-15 09:25:22 UTC (rev 8696)
@@ -33,6 +33,7 @@
 import org.jboss.seam.servlet.ContextualHttpServletRequest;
 import org.jboss.seam.servlet.ServletRequestSessionMap;
 import org.jboss.seam.util.Base64;
+import org.jboss.seam.util.Strings;
 
 /**
  * Seam Servlet Filter supporting HTTP Basic and Digest authentication. Some code
@@ -150,6 +151,12 @@
              username = token.substring(0, delim);
              password = token.substring(delim + 1);
          }
+         
+         if  (!Strings.isEmpty(username) && !Strings.isEmpty(password))
+         {
+            // Force session creation if we've received credentials in the request            
+            request.getSession(true);
+         }
 
          // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated
          if (credentials != null && !username.equals(credentials.getUsername()) || 
@@ -207,6 +214,9 @@
       String header = request.getHeader("Authorization");      
       if (header != null && header.startsWith("Digest "))
       {
+         // Force session creation if we've received credentials in the request
+         request.getSession(true);
+         
          String section212response = header.substring(7);
 
          String[] headerEntries = section212response.split(",");