/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.21 2003/07/07 13:12:57 maxcooper Exp $
- * $Revision: 1.21 $
- * $Date: 2003/07/07 13:12:57 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.22 2003/10/27 11:16:05 maxcooper Exp $
+ * $Revision: 1.22 $
+ * $Date: 2003/10/27 11:16:05 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* @author Max Cooper (max@maxcooper.com)
* @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
* @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.21 $ $Date: 2003/07/07 13:12:57 $
+ * @version $Revision: 1.22 $ $Date: 2003/10/27 11:16:05 $
*/
public class SecurityFilter implements Filter {
public static final String CONFIG_FILE_KEY = "config";
Collection roles = authConstraint.getRoles();
Principal principal = wrappedRequest.getUserPrincipal();
// if roles is empty, access will be blocked no matter who the user is, so skip the login
- // todo: do we still need this DUMMY_TOKEN check for BASIC auth?
- if (!roles.isEmpty() && principal == null /* && hReq.getSession().getAttribute(DUMMY_TOKEN) == null */) {
+ if (!roles.isEmpty() && principal == null) {
// user needs to be authenticated
authenticator.showLogin(hReq, hRes);
return;
projects / securityfilter.git / commitdiff