continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmcconn...@apache.org
Subject svn commit: r538292 - /maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
Date Tue, 15 May 2007 19:51:32 GMT
Author: jmcconnell
Date: Tue May 15 12:51:32 2007
New Revision: 538292

URL: http://svn.apache.org/viewvc?view=rev&rev=538292
Log:
switch the authn logic around a little

if username exists, then perform authn
if username is null, then pass through as guest default security session

Modified:
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java?view=diff&rev=538292&r1=538291&r2=538292
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
Tue May 15 12:51:32 2007
@@ -36,6 +36,7 @@
 import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySystem;
 import org.codehaus.plexus.redback.users.UserNotFoundException;
 import org.codehaus.plexus.xwork.PlexusLifecycleListener;
@@ -137,19 +138,29 @@
                     if ( pRequest.getConfig() instanceof ContinuumXmlRpcConfig )
                     {
                         ContinuumXmlRpcConfig config = (ContinuumXmlRpcConfig) pRequest.getConfig();
-                        
-                        PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
-                        authdatasource.setPrincipal( config.getBasicUserName() );
-                        authdatasource.setPassword( config.getBasicPassword() );
-                        
+                                                                      
                         try
                         {
-                            config.setSecuritySession( securitySystem.authenticate( authdatasource
) );
-                        
-                            // xmlrpc will not continue processing if it gets a false response
here, so we are going to return
-                            // true regardless so that guest authorization is taken into
account.  Provided we don't throw 
-                            // an exception getting here, we'll return true then.
-                            return true;                           
+                            // if username is null, then treat this as a guest user with
an empty security session
+                            if (config.getBasicUserName() == null )
+                            {
+                                config.setSecuritySession( new DefaultSecuritySession() );
+                                
+                                return true;
+                            }
+                            else
+                            {
+                                // otherwise treat this as an authn required session, and
if the credentials are invalid
+                                // do not default to guest privileges 
+                                PasswordBasedAuthenticationDataSource authdatasource =
+                                    new PasswordBasedAuthenticationDataSource();
+                                authdatasource.setPrincipal( config.getBasicUserName() );
+                                authdatasource.setPassword( config.getBasicPassword() );
+
+                                config.setSecuritySession( securitySystem.authenticate( authdatasource
) );
+
+                                return config.getSecuritySession().isAuthenticated();
+                            }
                         }
                         catch ( AuthenticationException e )
                         {



Mime
View raw message