You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by de...@apache.org on 2015/05/19 09:47:50 UTC

svn commit: r1680197 - /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java

Author: deki
Date: Tue May 19 07:47:49 2015
New Revision: 1680197

URL: http://svn.apache.org/r1680197
Log:
TOBAGO-1466: No need to force session creation for secret check

Modified:
    myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java

Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java?rev=1680197&r1=1680196&r2=1680197&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/Secret.java Tue May 19 07:47:49 2015
@@ -81,14 +81,16 @@ public final class Secret implements Ser
   public static boolean check(final FacesContext facesContext) {
     final Map requestParameterMap = facesContext.getExternalContext().getRequestParameterMap();
     final String fromRequest = (String) requestParameterMap.get(Secret.KEY);
-    final Object session = facesContext.getExternalContext().getSession(true);
-    final Secret secret;
-    if (session instanceof HttpSession) {
-      secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
-    } else if (PortletUtils.isPortletApiAvailable() && session instanceof PortletSession) {
-      secret = (Secret) ((PortletSession) session).getAttribute(Secret.KEY, PortletSession.APPLICATION_SCOPE);
-    } else {
-      throw new IllegalArgumentException("Unknown session type: " + session);
+    final Object session = facesContext.getExternalContext().getSession(false);
+    Secret secret = null;
+    if (session!=null) {
+      if (session instanceof HttpSession) {
+        secret = (Secret) ((HttpSession) session).getAttribute(Secret.KEY);
+      } else if (PortletUtils.isPortletApiAvailable() && session instanceof PortletSession) {
+        secret = (Secret) ((PortletSession) session).getAttribute(Secret.KEY, PortletSession.APPLICATION_SCOPE);
+      } else {
+        throw new IllegalArgumentException("Unknown session type: " + session);
+      }
     }
     return secret != null && secret.secret.equals(fromRequest);
   }