You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2005/12/08 03:54:40 UTC
svn commit: r354949 -
/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
Author: taylor
Date: Wed Dec 7 18:54:36 2005
New Revision: 354949
URL: http://svn.apache.org/viewcvs?rev=354949&view=rev
Log:
bug fix fix
hate to put this in so late
but otherwise the admin cannot customize the default page
due to the fact that logging on does NOT create a new session
we need to provide a solution to clear out session attributes
left over from the guest session, such as the action list states
this patch adds a list to the LoginValidation valve constructor
allowing for a list of session attributes to be cleared upon login
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?rev=354949&r1=354948&r2=354949&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java Wed Dec 7 18:54:36 2005
@@ -80,11 +80,6 @@
{
if ( request.getRequest().getUserPrincipal() == null )
{
- if (request.getSessionAttribute(LOGIN_CHECK) == null)
- {
- clearSessionAttributes(request);
- request.getRequest().setAttribute(LOGIN_CHECK, "true");
- }
if ( request.getSessionAttribute(LoginConstants.RETRYCOUNT) != null )
{
// we have a login attempt failure
@@ -136,6 +131,15 @@
}
}
}
+ else
+ {
+ if (request.getSessionAttribute(LOGIN_CHECK) == null)
+ {
+ clearSessionAttributes(request);
+ request.getRequest().getSession().setAttribute(LOGIN_CHECK, "true");
+ }
+ }
+
context.invokeNext(request);
}
catch (Exception e)
@@ -151,7 +155,7 @@
while (attributes.hasNext())
{
String attribute = (String)attributes.next();
- request.getRequest().removeAttribute(attribute);
+ request.getRequest().getSession().removeAttribute(attribute);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org