[seam-commits] Seam SVN: r8699 - trunk/src/main/org/jboss/seam/web.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Fri Aug 15 06:24:31 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-08-15 06:24:31 -0400 (Fri, 15 Aug 2008)
New Revision: 8699
Modified:
trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
Log:
throw exception if identity is null
Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
===================================================================
--- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-08-15 10:19:27 UTC (rev 8698)
+++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java 2008-08-15 10:24:31 UTC (rev 8699)
@@ -132,6 +132,12 @@
{
Context ctx = new SessionContext( new ServletRequestSessionMap(request) );
Identity identity = (Identity) ctx.get(Identity.class);
+
+ if (identity == null)
+ {
+ throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
+ }
+
Credentials credentials = (Credentials) ctx.get(Credentials.class);
boolean requireAuth = false;
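Review bot: `credentials` is fetched right after the new identity guard but gets no equivalent null check, while later hunks of this commit remove the `credentials != null` tests and dereference it directly (`credentials.getUsername()` in the reauthentication condition, `credentials.isSet()` in both requireAuth conditions). If the Credentials component can be missing from the session context in the same way Identity can, those lines now fail with a NullPointerException instead of an explicit ServletException. A matching guard after the lookup would keep the failure explicit: `if (credentials == null) throw new ServletException("Credentials not found");`. The same gap exists in the Digest method's hunk (@@ -206,6 +205,12 @@); both method bodies start outside their hunks.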
@@ -151,16 +157,9 @@
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
-
- if (!Strings.isEmpty(username) && !Strings.isEmpty(password))
- {
- // Force session creation if we've received credentials in the request
- request.getSession(true);
- }
// Only reauthenticate if username doesn't match Identity.username and user isn't authenticated
- if (credentials != null && !username.equals(credentials.getUsername()) ||
- (identity != null && !identity.isLoggedIn()))
+ if (!username.equals(credentials.getUsername()) || !identity.isLoggedIn())
{
try
{
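Review bot: The comment above the rewritten condition does not match it: it says reauthentication happens when the username doesn't match `Identity.username` and the user isn't authenticated, but the code compares against `credentials.getUsername()` and joins the two tests with `||`. Because this condition decides when supplied credentials trigger a new login, the comment should state the actual rule, e.g. `// Reauthenticate if the supplied username differs from Credentials.username or the user is not logged in`. `username` is initialised outside the hunk; if it can still be null when no Basic token was parsed, `username.equals(...)` would need a guard as well, which is worth confirming.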
@@ -175,7 +174,7 @@
}
}
- if (identity != null && !identity.isLoggedIn() && credentials != null && !credentials.isSet())
+ if (!identity.isLoggedIn() && !credentials.isSet())
{
requireAuth = true;
}
@@ -193,7 +192,7 @@
requireAuth = true;
}
- if ((requireAuth && (identity != null && !identity.isLoggedIn())) || identity == null)
+ if ((requireAuth && !identity.isLoggedIn()))
{
response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized");
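Review bot: The simplified challenge condition keeps a redundant pair of parentheses left over from the removed `|| identity == null` clause; `if (requireAuth && !identity.isLoggedIn())` reads more clearly. The Digest hunk (@@ -279,7 +281,7 @@) has the same leftover. The enclosing method starts and ends outside this hunk.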
@@ -206,6 +205,12 @@
{
Context ctx = new SessionContext( new ServletRequestSessionMap(request) );
Identity identity = (Identity) ctx.get(Identity.class);
+
+ if (identity == null)
+ {
+ throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
+ }
+
Credentials credentials = (Credentials) ctx.get(Credentials.class);
boolean requireAuth = false;
@@ -213,10 +218,7 @@
String header = request.getHeader("Authorization");
if (header != null && header.startsWith("Digest "))
- {
- // Force session creation if we've received credentials in the request
- request.getSession(true);
-
+ {
String section212response = header.substring(7);
String[] headerEntries = section212response.split(",");
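Review bot: The forced `request.getSession(true)` is removed here and in the Basic hunk (@@ -151,16 +157,9 @@) without a comment or a mention in the log message, which only talks about the null check. Both methods read Identity and Credentials from a SessionContext built on the request's session, so whether authentication state set later in the request survives to the next one presumably depends on a session existing; the diff does not show what creates it now. A short comment at the lookup naming the component responsible for session creation would make that dependency reviewable. The enclosing method continues outside the hunk.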
@@ -261,7 +263,7 @@
}
}
- if (identity != null && !identity.isLoggedIn() && credentials != null && !credentials.isSet())
+ if (!identity.isLoggedIn() && !credentials.isSet())
{
requireAuth = true;
}
@@ -279,7 +281,7 @@
requireAuth = true;
}
- if ((requireAuth && (identity != null && !identity.isLoggedIn())) || identity == null)
+ if ((requireAuth && !identity.isLoggedIn()))
{
long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);