portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject svn commit: r354937 - in /portals/jetspeed-2/trunk: components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java src/webapp/WEB-INF/assembly/pipelines.xml
Date Thu, 08 Dec 2005 02:25:19 GMT
Author: taylor
Date: Wed Dec  7 18:25:17 2005
New Revision: 354937

URL: http://svn.apache.org/viewcvs?rev=354937&view=rev
Log:
bug fix
hate to put this in so late
but otherwise the admin cannot customize the default page

due to the fact that logging on does NOT create a new session
we need to provide a solution to clear out session attributes
left over from the guest session, such as the action list states

this patch adds a list to the LoginValidation valve constructor
allowing for a list of session attributes to be cleared upon login

Modified:
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java?rev=354937&r1=354936&r2=354937&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/LoginValidationValveImpl.java
Wed Dec  7 18:25:17 2005
@@ -15,6 +15,10 @@
  */
 package org.apache.jetspeed.security.impl;
 
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.Jetspeed;
@@ -39,15 +43,17 @@
 public class LoginValidationValveImpl extends AbstractValve implements org.apache.jetspeed.pipeline.valve.LoginValidationValve
 {
     private static final Log log = LogFactory.getLog(LoginValidationValveImpl.class);
+    private static final String LOGIN_CHECK = "org.apache.jetspeed.login.check";
     
     private int maxNumberOfAuthenticationFailures;
-    
+    private List sessionAttributes; 
     /**
      * Creates a LoginValidationValveImpl instance which doesn't evaluate the maxNumberOfAuthenticationFailures

      * for LoginConstant.ERROR_FINAL_LOGIN_ATTEMPT error reporting.
      */
-    public LoginValidationValveImpl()
+    public LoginValidationValveImpl(List sessionAttributes)
     {
+        this.sessionAttributes = sessionAttributes;
     }
 
     /**
@@ -62,6 +68,7 @@
     public LoginValidationValveImpl(int maxNumberOfAuthenticationFailures)
     {
         this.maxNumberOfAuthenticationFailures = maxNumberOfAuthenticationFailures;
+        this.sessionAttributes = new LinkedList();
     }
 
     /**
@@ -73,6 +80,11 @@
         {
             if ( request.getRequest().getUserPrincipal() == null )
             {
+                if (request.getSessionAttribute(LOGIN_CHECK) == null)
+                {
+                    clearSessionAttributes(request);
+                    request.getRequest().setAttribute(LOGIN_CHECK, "true");
+                }
                 if ( request.getSessionAttribute(LoginConstants.RETRYCOUNT) != null )
                 {
                     // we have a login attempt failure
@@ -130,6 +142,16 @@
         {
             log.error("Exception in request pipeline: " + e.getMessage(), e);
             throw new PipelineException(e.toString(), e);
+        }
+    }
+    
+    private void clearSessionAttributes(RequestContext request)
+    {       
+        Iterator attributes = this.sessionAttributes.iterator();
+        while (attributes.hasNext())
+        {
+            String attribute = (String)attributes.next();
+            request.getRequest().removeAttribute(attribute);
         }
     }
 

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml?rev=354937&r1=354936&r2=354937&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/pipelines.xml Wed Dec  7 18:25:17
2005
@@ -61,9 +61,14 @@
   
   <bean id="loginValidationValve"
         class="org.apache.jetspeed.security.impl.LoginValidationValveImpl"
-        init-method="initialize"
-  />
-  
+        init-method="initialize">
+	  <!-- remove (from the session) the following list of session attributes upon login
-->
+       <constructor-arg index="0">
+            <list>
+                <value>org.apache.jetspeed.powertool.actions</value>
+            </list>		   
+	   </constructor-arg>	  
+  </bean>
   <bean id="profilerValve"
         class="org.apache.jetspeed.profiler.impl.ProfilerValveImpl"
         init-method="initialize"



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message