You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2005/12/08 03:54:40 UTC

svn commit: r354949 - /portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java

Author: taylor
Date: Wed Dec  7 18:54:36 2005
New Revision: 354949

URL: http://svn.apache.org/viewcvs?rev=354949&view=rev
Log:
bug fix fix
hate to put this in so late
but otherwise the admin cannot customize the default page

due to the fact that logging on does NOT create a new session
we need to provide a solution to clear out session attributes
left over from the guest session, such as the action list states

this patch adds a list to the LoginValidation valve constructor
allowing for a list of session attributes to be cleared upon login

Modified:
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?rev=354949&r1=354948&r2=354949&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java Wed Dec  7 18:54:36 2005
@@ -80,11 +80,6 @@
         {
             if ( request.getRequest().getUserPrincipal() == null )
             {
-                if (request.getSessionAttribute(LOGIN_CHECK) == null)
-                {
-                    clearSessionAttributes(request);
-                    request.getRequest().setAttribute(LOGIN_CHECK, "true");
-                }
                 if ( request.getSessionAttribute(LoginConstants.RETRYCOUNT) != null )
                 {
                     // we have a login attempt failure
@@ -136,6 +131,15 @@
                     }
                 }
             }
+            else
+            {
+                if (request.getSessionAttribute(LOGIN_CHECK) == null)
+                {
+                    clearSessionAttributes(request);
+                    request.getRequest().getSession().setAttribute(LOGIN_CHECK, "true");
+                }                
+            }
+            
             context.invokeNext(request);
         }
         catch (Exception e)
@@ -151,7 +155,7 @@
         while (attributes.hasNext())
         {
             String attribute = (String)attributes.next();
-            request.getRequest().removeAttribute(attribute);
+            request.getRequest().getSession().removeAttribute(attribute);
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org