Posted to commits@brooklyn.apache.org by he...@apache.org on 2019/01/16 02:12:18 UTC

[brooklyn-server] 38/49: remove count in http session maintained by DelegatingSecurityProvider

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit f4a6fe7731cc792f03a8b734d0e3a943e3cd499f
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Tue Jan 15 10:39:51 2019 +0000

    remove count in http session maintained by DelegatingSecurityProvider
    
    didn't seem to be used anywhere so why bother, and it broke AnyoneSecurityProvider
    which wanted to say it was authenticated even without a session
---
 .../security/provider/DelegatingSecurityProvider.java | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
index b420501..c3c7450 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
@@ -187,19 +187,12 @@ public class DelegatingSecurityProvider implements SecurityProvider {
 
     @Override
     public boolean isAuthenticated(HttpSession session) {
-        if (session == null) return false;
-        Object modCountWhenFirstAuthenticated = session.getAttribute(getModificationCountKey());
-        boolean authenticated = getDelegate().isAuthenticated(session) &&
-                Long.valueOf(modCount.get()).equals(modCountWhenFirstAuthenticated);
-        return authenticated;
+        return getDelegate().isAuthenticated(session);
     }
 
     @Override
     public boolean authenticate(HttpSession session, String user, String password) throws SecurityProviderDeniedAuthentication {
         boolean authenticated = getDelegate().authenticate(session, user, password);
-        if (authenticated) {
-            session.setAttribute(getModificationCountKey(), modCount.get());
-        }
         if (log.isTraceEnabled() && authenticated) {
             log.trace("User {} authenticated with provider {}", user, getDelegate());
         } else if (!authenticated && log.isDebugEnabled()) {
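Review bot: `isAuthenticated` now hands a possibly-null `session` straight to the delegate, so every delegate must tolerate null where the removed guard `if (session == null) return false;` used to shield it. The commit message says this is intended for AnyoneSecurityProvider, but the contract should be written on the method, e.g. `// session may be null; the delegate decides whether a missing session counts as authenticated`. The removed comparison against `modCount` also appears to have tied a session to the delegate configuration in force at login (inferred from the name; where the counter is updated is not visible here). If so, a session accepted under an earlier delegate now stays valid whenever the current delegate's own check accepts it, so it is worth confirming that each delegate's session marker cannot carry over across a provider change. If `modCount` has no remaining readers after the matching removals in the `logout` hunk, the field can be dropped as well; `authenticate` continues past the end of this hunk.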
@@ -210,17 +203,9 @@ public class DelegatingSecurityProvider implements SecurityProvider {
 
     @Override
     public boolean logout(HttpSession session) { 
-        boolean logout = getDelegate().logout(session);
-        if (logout) {
-            session.removeAttribute(getModificationCountKey());
-        }
-        return logout;
+        return getDelegate().logout(session);
     }
 
-    private String getModificationCountKey() {
-        return getClass().getName() + ".ModCount";
-    }
-    
     @Override
     public boolean requiresUserPass() {
         return getDelegate().requiresUserPass();