#26 LogonProcess: null subj uncompletely managed

v0.80 beta2

I noticed a buggy behaviour when I do direct
LogonProcess call (passing credentials) without calling
Logon before (so subject==null).
In that case the if structure in method doFilter() in
AccessFilter fires the first case (subject==null) that
tries the logonProcess by calling logonProcess method.
In the first if case there's also the
LAST_ACCESS_DENIED_URI mechanism which stores the uri
requested. LAST_ACCESS_DENIED_URI mechanism works well
for all the cases except when url requested equals
In fact in the latter case the user, after a successful
auth, will be redirected to LogonProcess again.

I solved the problem simply putting the subject==null
if case at the end of if-else strutcture before the
else case.
Doing so, unifying the LogonProcess management, in any
case the logon request will be trapped by

}else if(logonProcessURI.implies(urlPermission)){

, while other requests will be trapped by the
subject=null if case.

This is my rapid solution to the problem. there should
be more accurate solutions.


  • Charles Lescot

    Charles Lescot - 2006-05-18
    • milestone: 585262 --> v0.80 beta2
  • Charles Lescot

    Charles Lescot - 2006-05-18

    Logged In: YES

    Hi Filippo,
    i've integrated your bug fix into AccessFilter.

  • Charles Lescot

    Charles Lescot - 2006-05-18
    • assigned_to: nobody --> diabolo512
    • status: open --> closed-fixed

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks