Posted to commits@sling.apache.org by fm...@apache.org on 2010/09/02 14:13:28 UTC

svn commit: r991904 - /sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java

Author: fmeschbe
Date: Thu Sep  2 12:13:28 2010
New Revision: 991904

URL: http://svn.apache.org/viewvc?rev=991904&view=rev
Log:
SLING-1721 Use no cookie domain if the configured (or requested) cookie domain is an empty string

Modified:
    sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java

Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java?rev=991904&r1=991903&r2=991904&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java Thu Sep  2 12:13:28 2010
@@ -25,7 +25,6 @@ import java.net.URLEncoder;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Dictionary;
-
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.servlet.Servlet;
@@ -72,7 +71,8 @@ import org.slf4j.LoggerFactory;
     @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling Form Based Authentication Handler"),
     @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation"),
     @Property(name = AuthenticationHandler.PATH_PROPERTY, value = "/", cardinality = 100),
-    @Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true) })
+    @Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true),
+    @Property(name = Constants.SERVICE_RANKING, intValue = 0, propertyPrivate = false) })
 @Service
 public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 
@@ -238,13 +238,6 @@ public class FormAuthenticationHandler e
     static final String PAR_J_REASON = "j_reason";
 
     /**
-     * The service ranking property.
-     */
-    @Property(intValue = 0, propertyPrivate = false)
-    @SuppressWarnings("unused")
-    private static final String PAR_SERVICE_RANKING = Constants.SERVICE_RANKING;
-
-    /**
      * Key in the AuthenticationInfo map which contains the domain on which the
      * auth cookie should be set.
      */
@@ -727,8 +720,11 @@ public class FormAuthenticationHandler e
         final String authName = OsgiUtil.toString(
             properties.get(PAR_AUTH_NAME), DEFAULT_AUTH_NAME);
 
-        final String defaultCookieDomain = OsgiUtil.toString(
-            properties.get(PAR_DEFAULT_COOKIE_DOMAIN), null);
+        String defaultCookieDomain = OsgiUtil.toString(
+            properties.get(PAR_DEFAULT_COOKIE_DOMAIN), "");
+        if (defaultCookieDomain.length() == 0) {
+            defaultCookieDomain = null;
+        }
 
         final String authStorage = OsgiUtil.toString(
             properties.get(PAR_AUTH_STORAGE), DEFAULT_AUTH_STORAGE);
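Review bot: The new test `defaultCookieDomain.length() == 0` matches only the exact empty string, so a configured value made up of blanks would still be used as the cookie domain. Whether `OsgiUtil.toString` trims its result is not visible here; if it does not, trimming first, `defaultCookieDomain = defaultCookieDomain.trim();`, closes the gap. The same empty-means-none test is written out again in the two later hunks (the `set` and `clear` bodies), so a small private helper that returns null for an empty domain would keep the three places consistent. The enclosing method starts and ends outside this hunk.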
@@ -931,11 +927,17 @@ public class FormAuthenticationHandler e
 
             // send the cookie to the response
             String cookieDomain = (String) info.get(COOKIE_DOMAIN);
-            if (cookieDomain == null) {
+            if (cookieDomain == null || cookieDomain.length() == 0) {
                 cookieDomain = defaultCookieDomain;
             }
-            setCookie(request, response, this.cookieName, cookieValue, -1, cookieDomain);
-            setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);
+            setCookie(request, response, this.cookieName, cookieValue, -1,
+                cookieDomain);
+
+            // send the cookie domain cookie if domain is not null
+            if (cookieDomain != null) {
+                setCookie(request, response, this.domainCookieName,
+                    cookieDomain, -1, cookieDomain);
+            }
         }
 
         public void clear(HttpServletRequest request,
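Review bot: When the effective domain is null the domain cookie is now skipped, but nothing here expires a domain cookie that an earlier login left behind while a domain was still configured. The `clear` hunk below works from `oldCookieDomain`, which presumably comes from that cookie (its origin is outside the diff), so a stale value could make logout expire the auth cookie under the old domain while the new host-only auth cookie stays in the browser. It would be worth confirming that case and recording the decision next to the new test, for example `// no domain: cookie is host-only; a domain cookie from an earlier configuration is not touched here`. The body of `set` starts outside the hunk.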
@@ -957,7 +959,7 @@ public class FormAuthenticationHandler e
             // remove the old cookie from the client
             if (oldCookie != null) {
                 setCookie(request, response, this.cookieName, "", 0, oldCookieDomain);
-                if (oldCookieDomain != null) {
+                if (oldCookieDomain != null && oldCookieDomain.length() > 0) {
                     setCookie(request, response, this.domainCookieName, "", 0, oldCookieDomain);
                 }
             }
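Review bot: The first `setCookie` call in this hunk, which expires the auth cookie, still receives `oldCookieDomain` unnormalised, so an empty string can reach it as the domain even though the changed test guards the second call against exactly that value. In `set` the empty string is mapped to the default (possibly null) before `setCookie` is called; how `setCookie` treats an empty domain is not visible here, and if it emits it as a Domain attribute the expiry may not match the host-only auth cookie. Normalising once ahead of both calls, `final String oldDomain = (oldCookieDomain == null || oldCookieDomain.length() == 0) ? null : oldCookieDomain;`, and passing `oldDomain` to both would make logout mirror login. The body of `clear` starts and ends outside the hunk.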