fixed an issue where SecurityFilter would not honor auth info unless it specifically...
authormaxcooper <maxcooper>
Thu, 7 Oct 2004 21:37:29 +0000 (21:37 +0000)
committermaxcooper <maxcooper>
Thu, 7 Oct 2004 21:37:29 +0000 (21:37 +0000)
src/share/org/securityfilter/authenticator/BasicAuthenticator.java

index e9510c0..2e94b74 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.5 2004/01/26 09:19:10 maxcooper Exp $
- * $Revision: 1.5 $
- * $Date: 2004/01/26 09:19:10 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/authenticator/BasicAuthenticator.java,v 1.6 2004/10/07 21:37:29 maxcooper Exp $
+ * $Revision: 1.6 $
+ * $Date: 2004/10/07 21:37:29 $
  *
  * ====================================================================
  * The SecurityFilter Software License, Version 1.1
@@ -70,7 +70,7 @@ import java.security.Principal;
  *
  * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net)
  * @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.5 $ $Date: 2004/01/26 09:19:10 $
+ * @version $Revision: 1.6 $ $Date: 2004/10/07 21:37:29 $
  */
 public class BasicAuthenticator implements Authenticator {
    public static final String LOGIN_ATTEMPTS = BasicAuthenticator.class.getName() + ".LOGIN_ATTEMPTS";
@@ -81,7 +81,6 @@ public class BasicAuthenticator implements Authenticator {
 
    protected SecurityRealmInterface realm;
    protected String realmName;
-   protected Base64 base64Helper;
 
    /**
     * Initialize this Authenticator.
@@ -92,7 +91,6 @@ public class BasicAuthenticator implements Authenticator {
    public void init(FilterConfig filterConfig, SecurityConfig securityConfig) throws Exception {
       realm = securityConfig.getRealm();
       realmName = securityConfig.getRealmName();
-      base64Helper = new Base64();
    }
 
    /**
@@ -118,7 +116,7 @@ public class BasicAuthenticator implements Authenticator {
          // attempt to dig out authentication info only if the user has not yet been authenticated
          String authorizationHeader = request.getHeader("Authorization");
          HttpSession session = request.getSession();
-         if (authorizationHeader != null && session.getAttribute(LOGIN_ATTEMPTS) != null) {
+         if (authorizationHeader != null) {
             String decoded = decodeBasicAuthorizationString(authorizationHeader);
             String username = parseUsername(decoded);
             String password = parsePassword(decoded);
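Review bot: Nothing checks `decoded` before it is passed to `parseUsername` and `parsePassword`, and with the LOGIN_ATTEMPTS condition dropped from the `if`, this path now runs for every request that carries an Authorization header, not only those answering a challenge. That includes headers for other schemes and malformed values. The branch of `decodeBasicAuthorizationString` that handles a non-Basic header is outside the visible lines, so what it returns is unclear; if it can return null or a string without a `:` separator, wrap the parse and authenticate steps in a guard such as `if (decoded != null) {`. The enclosing method starts and ends outside this hunk.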
@@ -127,7 +125,7 @@ public class BasicAuthenticator implements Authenticator {
                // login successful
                request.getSession().removeAttribute(LOGIN_ATTEMPTS);
                request.setUserPrincipal(principal);
-            } else {
+            } else if (session.getAttribute(LOGIN_ATTEMPTS) != null) {
                // login failed
                // show the basic authentication window again.
                showLogin(request.getCurrentRequest(), response);
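Review bot: A failed authentication on a session that has no LOGIN_ATTEMPTS attribute now falls through the `else if` with no challenge, no counter update and no record of the failure, so the session-based attempt tracking never sees rejected credentials that arrive unsolicited. A final plain `else` branch should at least document and record that case, for example `// credentials rejected with no challenge outstanding: request continues unauthenticated; record the failure`, followed by whatever logging the project uses. The code after this block is outside the hunk, so it is worth confirming that the request really proceeds without a principal. Separately, the success branch keeps the existing session; whether the session id is renewed after login is not visible here.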
@@ -244,7 +242,7 @@ public class BasicAuthenticator implements Authenticator {
       } else {
          authorization = authorization.substring(6).trim();
          // Decode and parse the authorization credentials
-         return new String(base64Helper.decodeBase64(authorization.getBytes()));
+         return new String(Base64.decodeBase64(authorization.getBytes()));
       }
    }
 }
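Review bot: Both `authorization.getBytes()` and `new String(...)` use the platform default charset, so the decoded username and password can differ between JVMs when the credentials contain non-ASCII characters. Naming the charset on both calls makes the result deterministic, e.g. `new String(Base64.decodeBase64(authorization.getBytes("US-ASCII")), "ISO-8859-1")`, with the method handling the resulting `UnsupportedEncodingException`. Which charset the realm expects is not visible here, so the second argument needs confirming. `substring(6)` relies on the scheme check in the branch above, which starts outside the hunk.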