You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by de...@apache.org on 2015/05/19 09:47:50 UTC
svn commit: r1680197 -
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
Author: deki
Date: Tue May 19 07:47:49 2015
New Revision: 1680197
URL: http://svn.apache.org/r1680197
Log:
TOBAGO-1466: No need to force session creation for secret check
Modified:
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java?rev=1680197&r1=1680196&r2=1680197&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java Tue May 19 07:47:49 2015
@@ -81,14 +81,16 @@ public final class Secret implements Ser
public static boolean check(final FacesContext facesContext) {
final Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
final String fromRequest = (String) requestParameterMap.get(Secret.KEY);
- final Object session = facesContext.getExternalContext().getSession(true);
- final Secret secret;
- if (session instanceof HttpSession) {
- secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
- } else if (PortletUtils.isPortletApiAvailable() && session instanceof PortletSession) {
- secret = (Secret) ((PortletSession) session).getAttribute(Secret.KEY, PortletSession.APPLICATION_SCOPE);
- } else {
- throw new IllegalArgumentException("Unknown session type: " + session);
+ final Object session = facesContext.getExternalContext().getSession(false);
+ Secret secret = null;
+ if (session!=null) {
+ if (session instanceof HttpSession) {
+ secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+ } else if (PortletUtils.isPortletApiAvailable() && session instanceof PortletSession) {
+ secret = (Secret) ((PortletSession) session).getAttribute(Secret.KEY, PortletSession.APPLICATION_SCOPE);
+ } else {
+ throw new IllegalArgumentException("Unknown session type: " + session);
+ }
}
return secret != null && secret.secret.equals(fromRequest);
}