Posted to commits@sling.apache.org by fm...@apache.org on 2012/01/30 12:53:41 UTC
svn commit: r1237611 -
/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Author: fmeschbe
Date: Mon Jan 30 11:53:41 2012
New Revision: 1237611
URL: http://svn.apache.org/viewvc?rev=1237611&view=rev
Log:
SLING-2391 Ensure impersonation cookie is cleared on logout
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1237611&r1=1237610&r2=1237611&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Mon Jan 30 11:53:41 2012
@@ -564,6 +564,9 @@ public class SlingAuthenticator implemen
throw new IllegalStateException("Response already committed");
}
+ // make sure impersonation is dropped
+ setSudoCookie(request, response, new AuthenticationInfo("dummy", request.getRemoteUser()));
+
final String path = getHandlerSelectionPath(request);
final List<AbstractAuthenticationHandlerHolder>[] holderListArray = this.authHandlerCache.findApplicableHolder(request);
for (int m = 0; m < holderListArray.length; m++) {
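Review bot: The added `setSudoCookie(...)` call clears the impersonation cookie only implicitly, by passing an `AuthenticationInfo` that carries no `user.impersonation` property, and the one-line comment above it does not say so. A reader has to know setSudoCookie's contract to see why a throwaway "dummy" auth type is passed, so I would expand the comment to `// this info has no user.impersonation property, so setSudoCookie clears any existing sudo cookie`. `request.getRemoteUser()` may be null if logout is invoked on a request that was never authenticated, so it is worth confirming that the `AuthenticationInfo` constructor and setSudoCookie tolerate a null user; neither is visible here. The enclosing method starts before and continues after this hunk.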
@@ -1233,6 +1236,12 @@ public class SlingAuthenticator implemen
/**
* Sets the impersonation cookie on the response if impersonation actually
* changed and returns whether the cookie has been set (or cleared) or not.
+ * <p>
+ * The current impersonation state is taken from the sudo cookie value
+ * while the desired state is taken from the user.impersonation
+ * property of the auth info. If they don't match, the sudo cookie
+ * is set according to the user.impersonation property where the
+ * cookie is actually cleared if the property is <code>null</code>.
*
* @param req Providing the current sudo cookie value
* @param res For setting the sudo cookie