/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.13 2003/01/06 01:14:23 maxcooper Exp $
- * $Revision: 1.13 $
- * $Date: 2003/01/06 01:14:23 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.14 2003/01/06 04:16:32 maxcooper Exp $
+ * $Revision: 1.14 $
+ * $Date: 2003/01/06 04:16:32 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
*
* @author Max Cooper (max@maxcooper.com)
* @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.13 $ $Date: 2003/01/06 01:14:23 $
+ * @version $Revision: 1.14 $ $Date: 2003/01/06 04:16:32 $
*/
public class SecurityFilter implements Filter {
public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL";
SecurityRequestWrapper wrappedRequest;
// if the request has already been processed by the filter, pass it through unchecked
- if (request.getAttribute(ALREADY_PROCESSED) == null) {
+ if (!TRUE.equals(request.getAttribute(ALREADY_PROCESSED))) {
// set an attribute on this request to indicate that it has already been processed
- request.setAttribute(ALREADY_PROCESSED, "true");
+ request.setAttribute(ALREADY_PROCESSED, TRUE);
// get a URLPatternMatcher to use for this thread
URLPatternMatcher patternMatcher = patternFactory.createURLPatternMatcher();
Principal principal = realm.authenticate(username, password);
if (principal != null) {
// login successful
+ // invalidate old session if the user was already authenticated
+ // NOTE: we may want to check if the user re-authenticated as the same user, currently
+ // the session will be invalidated even if the user authenticates as the same user.
+ if (request.getUserPrincipal() != null) {
+ request.getSession().invalidate();
+ }
request.setUserPrincipal(principal);
String continueToURL = getContinueToURL(request);
response.sendRedirect(response.encodeRedirectURL(continueToURL));
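Review bot: The new invalidate() call runs only when request.getUserPrincipal() is already non-null, so a first login keeps whatever session id the client arrived with — the case session fixation defences exist for; it is safer to invalidate on every successful authenticate() and let the wrapper create a fresh session when the principal is stored, i.e. drop the surrounding `if` and keep `request.getSession().invalidate();` unconditional. Note also that getContinueToURL(request) is called after the invalidation; if the saved request URL lives in the session (SAVED_REQUEST_URL looks like a session attribute name, but the lookup is not visible here), it is lost before it is read, so `String continueToURL = getContinueToURL(request);` should move above the invalidate() call. The enclosing method begins outside the hunk, so whether anything else is read from the old session before this point cannot be confirmed from the diff.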