Posted to commits@sling.apache.org by fm...@apache.org on 2012/01/30 12:53:41 UTC

svn commit: r1237611 - /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java

Author: fmeschbe
Date: Mon Jan 30 11:53:41 2012
New Revision: 1237611

URL: http://svn.apache.org/viewvc?rev=1237611&view=rev
Log:
SLING-2391 Ensure impersonation cookie is cleared on logout

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1237611&r1=1237610&r2=1237611&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Mon Jan 30 11:53:41 2012
@@ -564,6 +564,9 @@ public class SlingAuthenticator implemen
             throw new IllegalStateException("Response already committed");
         }
 
+        // make sure impersonation is dropped
+        setSudoCookie(request, response, new AuthenticationInfo("dummy", request.getRemoteUser()));
+
         final String path = getHandlerSelectionPath(request);
         final List<AbstractAuthenticationHandlerHolder>[] holderListArray = this.authHandlerCache.findApplicableHolder(request);
         for (int m = 0; m < holderListArray.length; m++) {
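Review bot: The added `setSudoCookie(...)` call before the handler loop clears the impersonation cookie only through an implicit contract: the throwaway `AuthenticationInfo("dummy", ...)` carries no user.impersonation property, which the setSudoCookie Javadoc describes as the "clear" case. The one-line comment does not say so, and a later change on either side could leave the sudo cookie in place after logout; I would spell it out, e.g. `// info has no user.impersonation property, so setSudoCookie clears the sudo cookie`. `request.getRemoteUser()` can be null when logout is called on an unauthenticated request, so it is worth confirming that the AuthenticationInfo constructor accepts a null user rather than throwing before the handlers get to drop their credentials. The enclosing method starts and ends outside the hunk, so whether a later failure in the loop can prevent the cleared cookie from being sent is not visible here.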
@@ -1233,6 +1236,12 @@ public class SlingAuthenticator implemen
     /**
      * Sets the impersonation cookie on the response if impersonation actually
      * changed and returns whether the cookie has been set (or cleared) or not.
+     * <p>
+     * The current impersonation state is taken from the sudo cookie value
+     * while the desired state is taken from the user.impersonation
+     * property of the auth info. If they don't match, the sudo cookie
+     * is set according to the user.impersonation property where the
+     * cookie is actually cleared if the property is <code>null</code>.
      *
      * @param req Providing the current sudo cookie value
      * @param res For setting the sudo cookie