Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:18:24 UTC

[sling-org-apache-sling-auth-form] 07/26: SLING-1721 Use no cookie domain if the configured (or requested) cookie domain is an empty string

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git

commit 1bf2250c28828283882ee08a649d4f186483b7d7
Author: Felix Meschberger <fm...@apache.org>
AuthorDate: Thu Sep 2 12:13:28 2010 +0000

    SLING-1721 Use no cookie domain if the configured (or requested) cookie domain is an empty string
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@991904 13f79535-47bb-0310-9956-ffa450edef68
---
 .../auth/form/impl/FormAuthenticationHandler.java  | 32 ++++++++++++----------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 861be54..e59975c 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -25,7 +25,6 @@ import java.net.URLEncoder;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Dictionary;
-
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.servlet.Servlet;
@@ -72,7 +71,8 @@ import org.slf4j.LoggerFactory;
     @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling Form Based Authentication Handler"),
     @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation"),
     @Property(name = AuthenticationHandler.PATH_PROPERTY, value = "/", cardinality = 100),
-    @Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true) })
+    @Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true),
+    @Property(name = Constants.SERVICE_RANKING, intValue = 0, propertyPrivate = false) })
 @Service
 public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 
@@ -238,13 +238,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
     static final String PAR_J_REASON = "j_reason";
 
     /**
-     * The service ranking property.
-     */
-    @Property(intValue = 0, propertyPrivate = false)
-    @SuppressWarnings("unused")
-    private static final String PAR_SERVICE_RANKING = Constants.SERVICE_RANKING;
-
-    /**
      * Key in the AuthenticationInfo map which contains the domain on which the
      * auth cookie should be set.
      */
@@ -727,8 +720,11 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
         final String authName = OsgiUtil.toString(
             properties.get(PAR_AUTH_NAME), DEFAULT_AUTH_NAME);
 
-        final String defaultCookieDomain = OsgiUtil.toString(
-            properties.get(PAR_DEFAULT_COOKIE_DOMAIN), null);
+        String defaultCookieDomain = OsgiUtil.toString(
+            properties.get(PAR_DEFAULT_COOKIE_DOMAIN), "");
+        if (defaultCookieDomain.length() == 0) {
+            defaultCookieDomain = null;
+        }
 
         final String authStorage = OsgiUtil.toString(
             properties.get(PAR_AUTH_STORAGE), DEFAULT_AUTH_STORAGE);
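Review bot: A value made up only of whitespace still passes the `length() == 0` test and is kept as the default cookie domain, so the "no domain" case is not reached for a configuration such as `" "`. Trimming before the test would cover it: `if (defaultCookieDomain.trim().length() == 0) { defaultCookieDomain = null; }`. The same bare length test appears in the store and clear hunks below, so a small private helper that maps null, empty and blank to null would keep the three sites consistent. The enclosing method starts and ends outside this hunk.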
@@ -931,11 +927,17 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 
             // send the cookie to the response
             String cookieDomain = (String) info.get(COOKIE_DOMAIN);
-            if (cookieDomain == null) {
+            if (cookieDomain == null || cookieDomain.length() == 0) {
                 cookieDomain = defaultCookieDomain;
             }
-            setCookie(request, response, this.cookieName, cookieValue, -1, cookieDomain);
-            setCookie(request, response, this.domainCookieName, cookieDomain, -1, cookieDomain);
+            setCookie(request, response, this.cookieName, cookieValue, -1,
+                cookieDomain);
+
+            // send the cookie domain cookie if domain is not null
+            if (cookieDomain != null) {
+                setCookie(request, response, this.domainCookieName,
+                    cookieDomain, -1, cookieDomain);
+            }
         }
 
         public void clear(HttpServletRequest request,
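Review bot: When `cookieDomain` resolves to null the domain cookie is skipped, but nothing expires a domain cookie the client may already hold from an earlier login that used a domain. If `clear()` derives `oldCookieDomain` from that cookie (not visible in this hunk), logout would expire the auth cookie under the stale domain and could leave the new host-only auth cookie in the browser. A comment such as `// no domain: host-only auth cookie; an existing domain cookie is left untouched` would document this, and a test for the domain-to-no-domain transition would confirm logout still clears the session. The method body begins outside the hunk.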
@@ -957,7 +959,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
             // remove the old cookie from the client
             if (oldCookie != null) {
                 setCookie(request, response, this.cookieName, "", 0, oldCookieDomain);
-                if (oldCookieDomain != null) {
+                if (oldCookieDomain != null && oldCookieDomain.length() > 0) {
                     setCookie(request, response, this.domainCookieName, "", 0, oldCookieDomain);
                 }
             }
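Review bot: The auth cookie is still expired with `oldCookieDomain` unchanged on the line above the new check, so an empty string reaches `setCookie` there even though the domain cookie is now guarded against it. Whether `setCookie` treats `""` as "no domain" is not visible here; if it does not, the expiry may not match a host-only auth cookie and that cookie would survive logout. Normalising once before both calls avoids the question: `final String domain = (oldCookieDomain == null || oldCookieDomain.length() == 0) ? null : oldCookieDomain;`, then pass `domain` to both `setCookie` calls. clear() starts and ends outside the hunk.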
