Posted to commits@sling.apache.org by fm...@apache.org on 2008/03/14 16:00:38 UTC

svn commit: r637125 - /incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java

Author: fmeschbe
Date: Fri Mar 14 08:00:37 2008
New Revision: 637125

URL: http://svn.apache.org/viewvc?rev=637125&view=rev
Log:
SLING-327 Apply the same exception handling and login failure mechanism
when acquiring the anonymous session as when acquiring the regular session.

Modified:
    incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java

Modified: incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java?rev=637125&r1=637124&r2=637125&view=diff
==============================================================================
--- incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java (original)
+++ incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/auth/SlingAuthenticator.java Fri Mar 14 08:00:37 2008
@@ -219,40 +219,9 @@
 
                 return true;
 
-            } catch (TooManySessionsException se) {
-
-                // to many users, send a 503 Service Unavailable
-                log.info("authenticate: Too many sessions for user: {}",
-                    se.getMessage());
-
-                try {
-                    res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
-                        "Too Many Users");
-                } catch (IOException ioe) {
-                    log.error("authenticate: Cannot send status 503 to client",
-                        ioe);
-                }
-
-            } catch (LoginException e) {
-
-                // request authentication information and send 403 (Forbidden)
-                // if no handler can request authentication information.
-                log.info("authenticate: Unable to authenticate: {}",
-                    e.getMessage());
-                requestAuthentication(req, res);
-
             } catch (RepositoryException re) {
 
-                // general problem, send a 500 Internal Server Error
-                log.error("authenticate: Unable to authenticate", re);
-
-                try {
-                    res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
-                        "Data Access Failure");
-                } catch (IOException ioe) {
-                    log.error("authenticate: Cannot send status 500 to client",
-                        ioe);
-                }
+                handleLoginFailure(req, res, re);
 
             }
 
@@ -389,28 +358,61 @@
                 Session session = getRepository().login();
                 setAttributes(session, null, req);
                 return true;
-            } catch (TooManySessionsException se) {
-                log.error(
-                    "getAnonymousSession: Too many anonymous users active", se);
-            } catch (LoginException le) {
-                log.error(
-                    "getAnonymousSession: Login failure, requesting authentication",
-                    le);
             } catch (RepositoryException re) {
-                log.error("getAnonymousSession: Cannot get anonymous session",
-                    re);
+                // cannot login > fail login, do not try to authenticate
+                handleLoginFailure(req, res, re);
+                return false;
             }
-        } else {
-            log.debug("getAnonymousSession: Anonymous access not allowed by configuration");
         }
-
+        
         // request authentication now, and fail if not possible
+        log.debug("getAnonymousSession: Anonymous access not allowed by configuration");
         requestAuthentication(req, res);
 
         // fallback to no session
         return false;
     }
 
+    private void handleLoginFailure(HttpServletRequest request,
+            HttpServletResponse response, RepositoryException reason) {
+        
+        if (reason instanceof TooManySessionsException) {
+
+            // to many users, send a 503 Service Unavailable
+            log.info("authenticate: Too many sessions for user: {}",
+                reason.getMessage());
+
+            try {
+                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
+                    "Too Many Users");
+            } catch (IOException ioe) {
+                log.error("authenticate: Cannot send status 503 to client", ioe);
+            }
+
+        } else if (reason instanceof LoginException) {
+
+            // request authentication information and send 403 (Forbidden)
+            // if no handler can request authentication information.
+            log.info("authenticate: Unable to authenticate: {}",
+                reason.getMessage());
+            requestAuthentication(request, response);
+
+        } else {
+
+            // general problem, send a 500 Internal Server Error
+            log.error("authenticate: Unable to authenticate", reason);
+
+            try {
+                response.sendError(
+                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                    "Data Access Failure");
+            } catch (IOException ioe) {
+                log.error("authenticate: Cannot send status 500 to client", ioe);
+            }
+        }
+        
+    }
+    
     // TODO
     private void sendFailure(HttpServletResponse res) {
         try {
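Review bot: The comment added in getAnonymousSession's catch block, `// cannot login > fail login, do not try to authenticate`, does not match what handleLoginFailure does: for a LoginException it calls `requestAuthentication(request, response)`, so a failed anonymous login does end in an authentication request. If that is intended (the commit log suggests it is), reword the comment, for example `// anonymous login failed: report it; a LoginException still triggers requestAuthentication`. The messages inside handleLoginFailure also keep the `authenticate:` prefix and the text `Too many sessions for user` although the helper now runs for the anonymous path as well, which misattributes these entries when the log is read during triage; a neutral prefix such as `handleLoginFailure:` would avoid that. Anonymous TooManySessionsException and LoginException failures were previously logged at error with the exception attached and are now logged at info with the message only, which is worth confirming against whatever alerting relies on these entries. getAnonymousSession begins outside the hunk.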