You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by he...@apache.org on 2019/01/16 02:12:18 UTC
[brooklyn-server] 38/49: remove count in http session maintained by
DelegatingSecurityProvider
This is an automated email from the ASF dual-hosted git repository.
heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit f4a6fe7731cc792f03a8b734d0e3a943e3cd499f
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Tue Jan 15 10:39:51 2019 +0000
remove count in http session maintained by DelegatingSecurityProvider
didn't seem to be used anywhere so why bother, and it broke AnyoneSecurityProvider
which wanted to say it was authenticated even without a session
---
.../security/provider/DelegatingSecurityProvider.java | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
index b420501..c3c7450 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
@@ -187,19 +187,12 @@ public class DelegatingSecurityProvider implements SecurityProvider {
@Override
public boolean isAuthenticated(HttpSession session) {
- if (session == null) return false;
- Object modCountWhenFirstAuthenticated = session.getAttribute(getModificationCountKey());
- boolean authenticated = getDelegate().isAuthenticated(session) &&
- Long.valueOf(modCount.get()).equals(modCountWhenFirstAuthenticated);
- return authenticated;
+ return getDelegate().isAuthenticated(session);
}
@Override
public boolean authenticate(HttpSession session, String user, String password) throws SecurityProviderDeniedAuthentication {
boolean authenticated = getDelegate().authenticate(session, user, password);
- if (authenticated) {
- session.setAttribute(getModificationCountKey(), modCount.get());
- }
if (log.isTraceEnabled() && authenticated) {
log.trace("User {} authenticated with provider {}", user, getDelegate());
} else if (!authenticated && log.isDebugEnabled()) {
@@ -210,17 +203,9 @@ public class DelegatingSecurityProvider implements SecurityProvider {
@Override
public boolean logout(HttpSession session) {
- boolean logout = getDelegate().logout(session);
- if (logout) {
- session.removeAttribute(getModificationCountKey());
- }
- return logout;
+ return getDelegate().logout(session);
}
- private String getModificationCountKey() {
- return getClass().getName() + ".ModCount";
- }
-
@Override
public boolean requiresUserPass() {
return getDelegate().requiresUserPass();