incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r900735 - /sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
Date Tue, 19 Jan 2010 11:40:50 GMT
Author: fmeschbe
Date: Tue Jan 19 11:40:50 2010
New Revision: 900735

URL: http://svn.apache.org/viewvc?rev=900735&view=rev
Log:
SLING-1293 Terminate impersonation handling if impersonation fails and continue request processing
with the primary authenticated user

Modified:
    sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java

Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java?rev=900735&r1=900734&r2=900735&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
(original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/SlingAuthenticator.java
Tue Jan 19 11:40:50 2010
@@ -24,7 +24,6 @@
 import java.util.Hashtable;
 import java.util.Map;
 
-import javax.jcr.Credentials;
 import javax.jcr.LoginException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -753,15 +752,11 @@
      * @param session The real {@link Session} to optionally replace with an
      *            impersonated session.
      * @return The impersonated session or the input session.
-     * @throws LoginException thrown by the {@link Session#impersonate} method.
-     * @throws ContentBusException thrown by the {@link Session#impersonate}
-     *             method.
      * @see Session#impersonate for details on the user configuration
      *      requirements for impersonation.
      */
     private Session handleImpersonation(HttpServletRequest req,
-            HttpServletResponse res, Session session) throws LoginException,
-            RepositoryException {
+            HttpServletResponse res, Session session) {
 
         // the current state of impersonation
         String currentSudo = null;
@@ -790,14 +785,28 @@
         // sudo the session if needed
         final String authUser = session.getUserID();
         if (sudo != null && sudo.length() > 0) {
-            final SimpleCredentials creds = new SimpleCredentials(sudo, new char[0]);
-            creds.setAttribute(ATTR_IMPERSONATOR, authUser);
-            final Session impersonated = session.impersonate(creds);
-
-            // logout the original session and replace with impersonated
-            // session.
-            session.logout();
-            session = impersonated;
+            try {
+                // impersonate setting the respective attribute
+                final SimpleCredentials creds = new SimpleCredentials(sudo,
+                    new char[0]);
+                creds.setAttribute(ATTR_IMPERSONATOR, authUser);
+                final Session impersonated = session.impersonate(creds);
+
+                // logout the original session and replace with impersonated
+                // session.
+                session.logout();
+                session = impersonated;
+
+            } catch (RepositoryException re) {
+
+                // log an error message if impersonation fails
+                log.error("handleImpersonation: Failed to impersonate "
+                    + authUser + " as " + sudo + ", processing request as "
+                    + authUser, re);
+
+                // clear sudo to revert impersonation
+                sudo = null;
+            }
         }
         // invariant: same session or successful impersonation
 



Mime
View raw message