Posted to commits@sling.apache.org by fm...@apache.org on 2012/01/30 12:40:56 UTC

svn commit: r1237609 - /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java

Author: fmeschbe
Date: Mon Jan 30 11:40:56 2012
New Revision: 1237609

URL: http://svn.apache.org/viewvc?rev=1237609&view=rev
Log:
SLING-2390 Ensure sling.auth.redirect request parameter is respected if impersonation state changes

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1237609&r1=1237608&r2=1237609&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Mon Jan 30 11:40:56 2012
@@ -742,60 +742,40 @@ public class SlingAuthenticator implemen
         try {
             handleImpersonation(request, authInfo);
             ResourceResolver resolver = resourceResolverFactory.getResourceResolver(authInfo);
-
-            setSudoCookie(request, response, authInfo);
+            final boolean impersChanged = setSudoCookie(request, response, authInfo);
 
             if (sendLoginEvent != null) {
                 postLoginEvent(authInfo);
             }
 
-            // handle success feedback
-            if (feedbackHandler != null) {
-
-                // provide the resource resolver to the feedback handler
-                request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
-
-                // call the feedback handler, terminating the request if
-                // so desired by the handler
-                if (feedbackHandler.authenticationSucceeded(request, response,
-                    authInfo)) {
-
-                    // request will now be terminated, so close the resolver
-                    // to release resources
-                    resolver.close();
+            // provide the resource resolver to the feedback handler
+            request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
 
-                    return false;
-                }
-
-            } else {
-
-                // if there is no feedback handler: check whether the client
-                // asked for redirect after authentication and/or impersonation
-                if (DefaultAuthenticationFeedbackHandler.handleRedirect(
-                    request, response)) {
+            boolean processRequest = true;
 
-                    // request will now be terminated, so close the resolver
-                    // to release resources
-                    resolver.close();
+            // custom feedback handler with option to redirect
+            if (feedbackHandler != null) {
+                processRequest = !feedbackHandler.authenticationSucceeded(request, response, authInfo);
+            }
 
-                    return false;
+            if (processRequest) {
+                if (AuthUtil.isValidateRequest(request)) {
+                    AuthUtil.sendValid(response);
+                    processRequest = false;
+                } else if (impersChanged || feedbackHandler == null) {
+                    processRequest = !DefaultAuthenticationFeedbackHandler.handleRedirect(request, response);
                 }
-
             }
 
-            // client requested validation, which succeeds, thus send
-            // success response and close the resolver
-            if (AuthUtil.isValidateRequest(request)) {
-                AuthUtil.sendValid(response);
+            if (processRequest) {
+                // process: set required attributes
+                setAttributes(resolver, authInfo.getAuthType(), request);
+            } else {
+                // terminate: cleanup
                 resolver.close();
-                return false;
             }
 
-            // no redirect desired, so continue processing by first setting
-            // the request attributes and then returning true
-            setAttributes(resolver, authInfo.getAuthType(), request);
-
-            return true;
+            return processRequest;
 
         } catch (LoginException re) {
 
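Review bot: The resolver obtained from `resourceResolverFactory.getResourceResolver(authInfo)` is only closed on the normal `processRequest == false` path, so a RuntimeException thrown by `feedbackHandler.authenticationSucceeded` or `DefaultAuthenticationFeedbackHandler.handleRedirect` (neither is covered by the `LoginException` catch that follows) leaks it; the old code had the same gap, but the new structure makes it easy to close by wrapping the handler and redirect decision in a try/catch that closes the resolver and rethrows. Note also that `REQUEST_ATTRIBUTE_RESOLVER` is now set unconditionally before the terminate branch closes the resolver, so anything that reads that attribute after the validate/redirect response would see a closed resolver — presumably nothing does on a terminated request, but a comment such as `// attribute may point at a closed resolver once the request is terminated below` would make that explicit. The redirect target used in the `impersChanged || feedbackHandler == null` branch originates from the client; this hunk relies on `handleRedirect` rejecting off-host targets, which cannot be verified from what is shown. The enclosing method starts and ends outside the hunk.
```java
            boolean processRequest = true;
            try {
                // custom feedback handler with option to redirect
                if (feedbackHandler != null) {
                    processRequest = !feedbackHandler.authenticationSucceeded(request, response, authInfo);
                }
                // … unchanged: validate-request and redirect decision …
            } catch (RuntimeException e) {
                // handler or redirect failed: release the resolver before propagating
                resolver.close();
                throw e;
            }
            // … unchanged: setAttributes / close / return processRequest …
```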
@@ -1250,13 +1230,24 @@ public class SlingAuthenticator implemen
         return currentSudo;
     }
 
-    private void setSudoCookie(HttpServletRequest req,
+    /**
+     * Sets the impersonation cookie on the response if impersonation actually
+     * changed and returns whether the cookie has been set (or cleared) or not.
+     *
+     * @param req Providing the current sudo cookie value
+     * @param res For setting the sudo cookie
+     * @param authInfo Providing information about desired impersonation
+     * @return <code>true</code> if the cookie has been set or cleared or
+     *         <code>false</code> if the cookie is not modified.
+     */
+    private boolean setSudoCookie(HttpServletRequest req,
             HttpServletResponse res, AuthenticationInfo authInfo) {
         String sudo = (String) authInfo.get(ResourceResolverFactory.USER_IMPERSONATION);
         String currentSudo = getSudoCookieValue(req);
 
         // set the (new) impersonation
-        if (sudo != currentSudo) {
+        final boolean setCookie = sudo != currentSudo;
+        if (setCookie) {
             if (sudo == null) {
                 // Parameter set to "-" to clear impersonation, which was
                 // active due to cookie setting
@@ -1273,6 +1264,8 @@ public class SlingAuthenticator implemen
                         sudo);
             }
         }
+
+        return setCookie;
     }
 
     /**
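Review bot: `final boolean setCookie = sudo != currentSudo;` compares the two strings by identity, and since this change that result also drives the caller's redirect decision, so two distinct String instances holding the same impersonation name would re-set the cookie and trigger a redirect on every request, contradicting the new Javadoc's "if impersonation actually changed". Compare by value instead: `final boolean setCookie = (sudo == null) ? currentSudo != null : !sudo.equals(currentSudo);`. Whether `authInfo.get(USER_IMPERSONATION)` and `getSudoCookieValue` can ever yield equal-but-distinct instances is not visible here, so this is a latent rather than a demonstrated defect, but the value comparison is what the documented contract requires. The `if (sudo == null)` branch and the rest of the method continue outside the hunk.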