This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit eed8f07cca4fd5ec6fdb6380f9f9db4cceac610f
Author: Juan Cabrerizo <[email protected]>
AuthorDate: Tue Jan 15 13:50:26 2019 +0000
Doc added
---
 .../brooklyn/rest/security/provider/OauthSecurityProvider.java | 2 ++
 .../apache/brooklyn/rest/security/provider/SecurityProvider.java | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
index c3c7be4..7011032 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/OauthSecurityProvider.java
@@ -113,6 +113,8 @@ public class OauthSecurityProvider implements SecurityProvider {
 public boolean isAuthenticated(HttpSession session) {
 // TODO tidy log messages
 log.info("isAuthenticated 1 "+getJettyRequest().getRequestURI()+" "+session+" ... "+this);
+ if(session==null) return false;
+
 Object token = session.getAttribute(OAUTH_ACCESS_TOKEN_SESSION_KEY);
 // TODO is it valid?
 return token!=null;
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
index 7ceecf0..0854c7f 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/SecurityProvider.java
@@ -18,6 +18,8 @@
 */
 package org.apache.brooklyn.rest.security.provider;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.Response;
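Review bot: The added `if(session==null) return false;` guard in `OauthSecurityProvider.isAuthenticated` closes the null dereference, but the decision that follows still treats any non-null `OAUTH_ACCESS_TOKEN_SESSION_KEY` attribute as proof of authentication, which the existing `// TODO is it valid?` acknowledges. Unless the token is validated and expired elsewhere (not visible in this hunk), a revoked or expired token would keep the session authenticated for as long as the session lives; the check should at least confirm expiry, or the method should document where that is enforced. Separately, the `log.info(...)` call above the guard runs on every call and writes the session object to the log at INFO level; if its string form includes the session id, consider `log.trace` and logging only the request URI. The method's closing brace lies outside the hunk.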
@@ -28,7 +30,7 @@ import javax.ws.rs.core.Response;
 */
 public interface SecurityProvider {
- public boolean isAuthenticated(HttpSession session);
+ public boolean isAuthenticated(@Nullable HttpSession session);
 /** whether this provider requires a user/pass; if this returns false, the framework can
 * send null/null as the user/pass to {@link #authenticate(HttpSession, String, String)},
 * and should do that if user/pass info is not immediately available
@@ -40,7 +42,7 @@ public interface SecurityProvider {
 * The provider should not send a response but should throw {@link SecurityProviderDeniedAuthentication}
 * if a custom response is required. It can include a response in that exception,
 * e.g. to provide more information or supply a redirect. */
- public boolean authenticate(HttpSession session, String user, String pass) throws SecurityProviderDeniedAuthentication;
+ public boolean authenticate(@Nonnull HttpSession session, String user, String pass) throws SecurityProviderDeniedAuthentication;
 public boolean logout(HttpSession session);
 public static class SecurityProviderDeniedAuthentication extends Exception {
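Review bot: Marking the `isAuthenticated` parameter `@Nullable` changes the contract for every implementation of `SecurityProvider`, yet the declaration still has no Javadoc saying what a null session must yield. This commit adds a null guard only to `OauthSecurityProvider`; other implementations are not visible here and should be checked for a dereference of `session` before callers start passing null. I would add a comment such as `/** Whether the given session is already authenticated; implementations must return false when session is null. */` above the declaration so the fail-closed behaviour is part of the interface. The interface body starts before and continues after this hunk.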
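Review bot: `logout(HttpSession session)`, on the line after the changed `authenticate` declaration, is left without a nullness annotation, so the three session-taking methods now state their contracts inconsistently. `@Nonnull` from `javax.annotation` is advisory and is not checked at runtime, so it only helps if the caller really guarantees a session; whether the calling code does is not visible in this diff. I would annotate `logout` as well, for example `public boolean logout(@Nullable HttpSession session);` if logging out without a session is meant to be a no-op, and add a `@param session` sentence to the existing `authenticate` Javadoc stating that a session is required. The interface body continues beyond the hunk.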
