[seam-commits] Seam SVN: r7318 - in trunk/src/main/org/jboss/seam: web and 1 other directory.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Wed Jan 30 22:40:19 EST 2008


Author: shane.bryzak at jboss.com
Date: 2008-01-30 22:40:19 -0500 (Wed, 30 Jan 2008)
New Revision: 7318

Modified:
   trunk/src/main/org/jboss/seam/security/Identity.java
   trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
Log:
JBSEAM-2556

Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java	2008-01-30 21:49:43 UTC (rev 7317)
+++ trunk/src/main/org/jboss/seam/security/Identity.java	2008-01-31 03:40:19 UTC (rev 7318)
@@ -255,6 +255,8 @@
       }
       finally
       {
+         // Set password to null whether authentication is successful or not
+         password = null;         
          authenticating = false;
       }
    }
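Review bot: The comment added in the `finally` block says what is cleared but not why, and the reason is the security-relevant part. The old lookup in AuthenticationFilter reads Identity from the HTTP session, so a password left on the field would stay in session memory for as long as the session lives. I would word it as `// Never keep the plaintext password on the session-held Identity once an attempt finishes, successful or not`. If `password` is a `String`, nulling it only drops the reference and the characters remain on the heap until collected, which is worth noting in the same comment. The enclosing method starts outside the hunk.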
@@ -290,8 +292,6 @@
          }
          preAuthenticationRoles.clear();
       }
-      
-      password = null;
 
       if (Events.exists()) Events.instance().raiseEvent(EVENT_POST_AUTHENTICATE, this);
    }

Modified: trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java
===================================================================
--- trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java	2008-01-30 21:49:43 UTC (rev 7317)
+++ trunk/src/main/org/jboss/seam/web/AuthenticationFilter.java	2008-01-31 03:40:19 UTC (rev 7318)
@@ -114,6 +114,9 @@
       HttpServletRequest httpRequest = (HttpServletRequest) request;
       HttpServletResponse httpResponse = (HttpServletResponse) response;
 
+      // Force session creation
+      httpRequest.getSession();
+      
       if (AUTH_TYPE_BASIC.equals(authType))
          processBasicAuth(httpRequest, httpResponse, chain);
       else if (AUTH_TYPE_DIGEST.equals(authType))
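Review bot: `httpRequest.getSession()` now allocates a session for every request that reaches this point, before any credentials are checked. Clients that never return the session cookie, or that keep sending bad credentials, therefore each create a new server-side session, and the comment `// Force session creation` does not say why that cost is accepted. Because the session id now exists before login, it should also be confirmed that the id is changed on successful authentication; nothing in the visible lines does that. If the reason is the session-context lookup of Identity, a fuller comment would be `// Identity is resolved from the session context below, so the session must exist; it is created pre-auth, keep unauthenticated sessions short-lived`. The enclosing method starts and ends outside the hunk.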
@@ -155,7 +158,7 @@
          }         
       }
       
-      if (!identity.isLoggedIn() && !identity.isCredentialsSet())
+      if (!requireAuth && !identity.isLoggedIn() && !identity.isCredentialsSet())
       {
          requireAuth = true;
       }
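Review bot: The added `!requireAuth &&` cannot change the final value of `requireAuth`, because the body only ever sets it to `true`. Its one observable effect is to skip the `identity.isLoggedIn()` and `identity.isCredentialsSet()` calls when authentication was already demanded earlier in the method. If that short-circuit is the intent, say so in a comment such as `// requireAuth may already be set above; only inspect identity when it is not`, otherwise the condition reads as a behaviour change that it is not. The enclosing method starts and ends outside the hunk.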
@@ -184,7 +187,8 @@
             HttpServletResponse response, FilterChain chain)
       throws IOException, ServletException
    {
-      Identity identity = (Identity) request.getSession().getAttribute( Seam.getComponentName(Identity.class) );
+      Context ctx = new SessionContext( new ServletRequestSessionMap(request) );
+      Identity identity = (Identity) ctx.get(Identity.class);
       
       boolean requireAuth = false;    
       boolean nonceExpired = false;
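Review bot: The result of `ctx.get(Identity.class)` is cast and assigned with no null check in the visible lines. Whether this lookup can return null when the component has not yet been created in the session is not shown here. If it can, the filter would fail with a NullPointerException in the middle of digest processing instead of refusing the request cleanly. An authentication filter should fail closed in that case, for example `if (identity == null) throw new ServletException("Identity not available in session context");` directly after the lookup. The rest of the method is outside the hunk, so an existing check further down cannot be ruled out.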



