Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/12/07 22:30:41 UTC
[tomcat] 09/14: Refactor change of session ID to reduce duplicate
code
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c31917da2d2338731b7406bb52561c3721816b18
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Dec 5 23:11:03 2019 +0000
Refactor change of session ID to reduce duplicate code
---
.../catalina/authenticator/AuthenticatorBase.java | 29 ++++++++++++----------
.../catalina/authenticator/FormAuthenticator.java | 5 +---
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 6c9e121..5a00864 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -32,7 +32,6 @@ import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.Valve;
@@ -907,18 +906,8 @@ public abstract class AuthenticatorBase extends ValveBase
if (session != null) {
// If the principal is null then this is a logout. No need to change
// the session ID. See BZ 59043.
- if (changeSessionIdOnAuthentication && principal != null) {
- String oldId = null;
- if (log.isDebugEnabled()) {
- oldId = session.getId();
- }
- Manager manager = request.getContext().getManager();
- manager.changeSessionId(session);
- request.changeSessionId(session.getId());
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("authenticator.changeSessionId",
- oldId, session.getId()));
- }
+ if (getChangeSessionIdOnAuthentication() && principal != null) {
+ changeSessionID(request, session);
}
} else if (alwaysUseSession) {
session = request.getSessionInternal(true);
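Review bot: The guard in this hunk now calls `getChangeSessionIdOnAuthentication()` where the removed line read the `changeSessionIdOnAuthentication` field, so a commit described as a refactor also changes how the decision to rotate the ID after login is made. If that getter can be overridden (its declaration is outside this diff), a subclass returning false would now switch off rotation here as well. That is consistent with the check in FormAuthenticator, but it deserves a mention in the commit message or a comment such as `// read via the getter so subclasses see one consistent setting`. The enclosing method starts and ends outside the hunk.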
@@ -1005,6 +994,20 @@ public abstract class AuthenticatorBase extends ValveBase
}
+
+ protected String changeSessionID(Request request, Session session) {
+ String oldId = null;
+ if (log.isDebugEnabled()) {
+ oldId = session.getId();
+ }
+ String newId = request.changeSessionId();
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("authenticator.changeSessionId", oldId, newId));
+ }
+ return newId;
+ }
+
+
@Override
public void login(String username, String password, Request request) throws ServletException {
Principal principal = doLogin(request, username, password);
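Review bot: The new protected `changeSessionID` has no Javadoc, and its `session` argument is read only to capture the old ID for the debug message, while the rotation itself goes through `request.changeSessionId()`. If a caller passed a session other than the request's current one, the log line would pair an unrelated old ID with the new one; `request.changeSessionId()` is defined outside this diff, so its effect on the passed session is inferred. I would add something like `/** Changes the ID of the request's current session on authentication (session fixation protection); {@code session} must be that session. Returns the new ID. */`. Both values written by the `authenticator.changeSessionId` debug message are session identifiers, so debug output from this class should be treated as sensitive.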
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index d8551c4..863fd77 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -28,7 +28,6 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -410,9 +409,7 @@ public class FormAuthenticator
if (getChangeSessionIdOnAuthentication()) {
Session session = request.getSessionInternal(false);
if (session != null) {
- Manager manager = request.getContext().getManager();
- manager.changeSessionId(session);
- request.changeSessionId(session.getId());
+ changeSessionID(request, session);
}
}