#26 LogonProcess: null subj incompletely managed

v0.80 beta2
closed-fixed
5
2006-05-18
2006-05-18
fguerzoni
No

I noticed buggy behaviour when I do a direct LogonProcess call (passing credentials) without calling Logon before (so subject==null).
In that case the if structure in method doFilter() in AccessFilter fires the first case (subject==null), which tries the logon process by calling the logonProcess method.
In the first if case there's also the LAST_ACCESS_DENIED_URI mechanism, which stores the URI requested. The LAST_ACCESS_DENIED_URI mechanism works well for all cases except when the URL requested equals LogonProcess.
In fact, in the latter case the user, after a successful auth, will be redirected to LogonProcess again.

I solved the problem simply by putting the subject==null if case at the end of the if-else structure, before the else case.
Doing so unifies the LogonProcess management: in any case the logon request will be trapped by

}else if(logonProcessURI.implies(urlPermission)){

while other requests will be trapped by the subject==null if case.

This is my rapid solution to the problem. There should be more accurate solutions.
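
A simplified model of the branch order the report describes, added here as an illustration; it is not the project's AccessFilter code. The Session class, the dispatch methods, the URI strings and the exact behaviour of each branch are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model only: Session, dispatchBefore/dispatchAfter and the
// URI strings are hypothetical, not taken from the project's source.
public class FilterOrderDemo {
    static final String LOGON_PROCESS_URI = "/LogonProcess.do"; // constructed value
    static final String LAST_ACCESS_DENIED_URI = "lastAccessDeniedURI";

    // Stand-in for the HTTP session: authenticated subject plus attributes.
    static class Session {
        Object subject;
        Map<String, String> attrs = new HashMap<>();
    }

    // Authenticates, then redirects to the stored URI (or a default page).
    static String logonProcess(Session s) {
        s.subject = new Object();
        String target = s.attrs.remove(LAST_ACCESS_DENIED_URI);
        return "redirect:" + (target != null ? target : "/index.do");
    }

    // Order reported as buggy: subject==null is tested first, so a direct
    // LogonProcess request is itself recorded as the last denied URI.
    static String dispatchBefore(Session s, String uri) {
        if (s.subject == null) {
            s.attrs.put(LAST_ACCESS_DENIED_URI, uri);
            return uri.equals(LOGON_PROCESS_URI) ? logonProcess(s) : "redirect:/Logon.do";
        } else if (uri.equals(LOGON_PROCESS_URI)) {
            return logonProcess(s);
        } else {
            return "forward:" + uri;
        }
    }

    // Reordered as in the report: the LogonProcess test precedes subject==null,
    // so only non-logon requests are stored for the post-login redirect.
    static String dispatchAfter(Session s, String uri) {
        if (uri.equals(LOGON_PROCESS_URI)) {
            return logonProcess(s);
        } else if (s.subject == null) {
            s.attrs.put(LAST_ACCESS_DENIED_URI, uri);
            return "redirect:/Logon.do";
        } else {
            return "forward:" + uri;
        }
    }

    public static void main(String[] args) {
        System.out.println(dispatchBefore(new Session(), LOGON_PROCESS_URI));
        System.out.println(dispatchAfter(new Session(), LOGON_PROCESS_URI));
    }
}
```

In this model the first call redirects the freshly authenticated user back to the logon-process URI, while the reordered version falls through to the default page.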

Discussion

  • Charles Lescot
    2006-05-18

    • milestone: 585262 --> v0.80 beta2
     
  • Charles Lescot
    2006-05-18

    Logged In: YES
    user_id=824172

    Hi Filippo,
    I've integrated your bug fix into AccessFilter.
    Thanks!
    Charles.

     
  • Charles Lescot
    2006-05-18

    • assigned_to: nobody --> diabolo512
    • status: open --> closed-fixed