Posted to commits@continuum.apache.org by jm...@apache.org on 2007/05/15 21:51:32 UTC
svn commit: r538292 -
/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
Author: jmcconnell
Date: Tue May 15 12:51:32 2007
New Revision: 538292
URL: http://svn.apache.org/viewvc?view=rev&rev=538292
Log:
switch the authn logic around a little
if username exists, then perform authn
if username is null, then pass through as guest default security session
Modified:
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java?view=diff&rev=538292&r1=538291&r2=538292
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java Tue May 15 12:51:32 2007
@@ -36,6 +36,7 @@
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.plexus.xwork.PlexusLifecycleListener;
@@ -137,19 +138,29 @@
if ( pRequest.getConfig() instanceof ContinuumXmlRpcConfig )
{
ContinuumXmlRpcConfig config = (ContinuumXmlRpcConfig) pRequest.getConfig();
-
- PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
- authdatasource.setPrincipal( config.getBasicUserName() );
- authdatasource.setPassword( config.getBasicPassword() );
-
+
try
{
- config.setSecuritySession( securitySystem.authenticate( authdatasource ) );
-
- // xmlrpc will not continue processing if it gets a false response here, so we are going to return
- // true regardless so that guest authorization is taken into account. Provided we don't throw
- // an exception getting here, we'll return true then.
- return true;
+ // if username is null, then treat this as a guest user with an empty security session
+ if (config.getBasicUserName() == null )
+ {
+ config.setSecuritySession( new DefaultSecuritySession() );
+
+ return true;
+ }
+ else
+ {
+ // otherwise treat this as an authn required session, and if the credentials are invalid
+ // do not default to guest privileges
+ PasswordBasedAuthenticationDataSource authdatasource =
+ new PasswordBasedAuthenticationDataSource();
+ authdatasource.setPrincipal( config.getBasicUserName() );
+ authdatasource.setPassword( config.getBasicPassword() );
+
+ config.setSecuritySession( securitySystem.authenticate( authdatasource ) );
+
+ return config.getSecuritySession().isAuthenticated();
+ }
}
catch ( AuthenticationException e )
{
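Review bot: In the else branch, `return config.getSecuritySession().isAuthenticated();` reads the session back through the config and dereferences it unchecked. If `securitySystem.authenticate(...)` can ever return null (not visible here), the resulting NullPointerException would not be caught by the `AuthenticationException` handler that opens at the end of the hunk. Holding the result in a local keeps the decision fail-closed: `SecuritySession session = securitySystem.authenticate( authdatasource );`, `config.setSecuritySession( session );`, `return session != null && session.isAuthenticated();` (this needs the `SecuritySession` import if the file does not already have it). The guest-branch comment should also keep the point of the removed comment, that returning true only lets xmlrpc continue so guest authorization is applied later, e.g. `// guest: empty unauthenticated session; true only lets xmlrpc continue so guest authorization is applied later`. The try/catch continues outside the hunk.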