Posted to commits@brooklyn.apache.org by he...@apache.org on 2019/01/16 02:12:23 UTC

[brooklyn-server] 43/49: Doc added

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit eed8f07cca4fd5ec6fdb6380f9f9db4cceac610f
Author: Juan Cabrerizo <ju...@cloudsoft.io>
AuthorDate: Tue Jan 15 13:50:26 2019 +0000

    Doc added
---
 .../brooklyn/rest/security/provider/OauthSecurityProvider.java      | 2 ++
 .../apache/brooklyn/rest/security/provider/SecurityProvider.java    | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
index c3c7be4..7011032 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
@@ -113,6 +113,8 @@ public class OauthSecurityProvider implements SecurityProvider {
     public boolean isAuthenticated(HttpSession session) {
         // TODO tidy log messages
         log.info("isAuthenticated 1 "+getJettyRequest().getRequestURI()+" "+session+" ... "+this);
+        if(session==null) return false;
+
         Object token = session.getAttribute(OAUTH_ACCESS_TOKEN_SESSION_KEY);
         // TODO is it valid?
         return token!=null;
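Review bot: `isAuthenticated` still treats any non-null `OAUTH_ACCESS_TOKEN_SESSION_KEY` attribute as proof of authentication, because the `// TODO is it valid?` above `return token!=null;` is left open; a token that has expired or been revoked at the identity provider would presumably keep the session authenticated until the session itself ends. Until validation exists, a comment on the return such as `// NOTE: presence check only; token expiry and revocation are not verified here` would make the limitation explicit to callers. The info-level log line above the new null guard also writes the session object on every call, which may put session identifiers into the logs depending on the container's `toString()`; consider `log.debug` or logging only whether a session is present. The method body closes outside this hunk.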
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
index 7ceecf0..0854c7f 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
@@ -18,6 +18,8 @@
  */
 package org.apache.brooklyn.rest.security.provider;
 
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.Response;
 
@@ -28,7 +30,7 @@ import javax.ws.rs.core.Response;
  */
 public interface SecurityProvider {
 
-    public boolean isAuthenticated(HttpSession session);
+    public boolean isAuthenticated(@Nullable HttpSession session);
     /** whether this provider requires a user/pass; if this returns false, the framework can
      * send null/null as the user/pass to {@link #authenticate(HttpSession, String, String)},
      * and should do that if user/pass info is not immediately available
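Review bot: The `@Nullable` added to `isAuthenticated` is the only statement of the null-session contract, and the declaration has no Javadoc saying what an implementation must return in that case. JSR-305 annotations are not enforced at runtime, so an implementation that dereferences `session` without a guard will throw instead of denying; only the `OauthSecurityProvider` guard is visible in this commit, so the other providers should be checked. I would add a doc comment above the declaration, for example `/** Whether the session is already authenticated; {@code session} may be null, in which case implementations must return false. */`.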
@@ -40,7 +42,7 @@ public interface SecurityProvider {
      * The provider should not send a response but should throw {@link SecurityProviderDeniedAuthentication}
      * if a custom response is required. It can include a response in that exception,
      * e.g. to provide more information or supply a redirect. */
-    public boolean authenticate(HttpSession session, String user, String pass) throws SecurityProviderDeniedAuthentication;
+    public boolean authenticate(@Nonnull HttpSession session, String user, String pass) throws SecurityProviderDeniedAuthentication;
     public boolean logout(HttpSession session);
     
     public static class SecurityProviderDeniedAuthentication extends Exception {
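Review bot: `authenticate` marks only `session` as `@Nonnull`, while the Javadoc earlier in this interface says the framework may send null/null as the user/pass, so `user` and `pass` should carry `@Nullable` to match: `public boolean authenticate(@Nonnull HttpSession session, @Nullable String user, @Nullable String pass) throws SecurityProviderDeniedAuthentication;`. `logout(HttpSession session)` on the next line is left without any nullability annotation, so callers cannot tell whether a null session is acceptable there; annotate it one way or the other for consistency with the two methods changed here. The nested exception class that begins on the last line of the hunk continues outside it.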