Author: jmcconnell
Date: Fri Sep 15 13:03:12 2006
New Revision: 446712
URL: http://svn.apache.org/viewvc?view=rev&rev=446712
Log:
throw an exception int he secure action code when the session is null, telling
the interceptor to deny access
Modified:
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
Modified:
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java?view=diff&rev=446712&r1=446711&r2=446712
==============================================================================
---
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
(original)
+++
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
Fri Sep 15 13:03:12 2006
@@ -190,9 +190,14 @@
bundle.setRequiresAuthentication( true );
bundle.requiresAuthorization( "edit-all-users", Resource.GLOBAL);
-
+
SecuritySession securitySession = (SecuritySession) session.get(
SecuritySession.ROLE );
+ if ( securitySession == null )
+ {
+ throw new SecureActionException( "no session, not authenticated,
not allowed access" );
+ }
+
User user = securitySession.getUser();
if ( user != null )
