This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit f4a6fe7731cc792f03a8b734d0e3a943e3cd499f
Author: Alex Heneveld <[email protected]>
AuthorDate: Tue Jan 15 10:39:51 2019 +0000
remove count in http session maintained by DelegatingSecurityProvider didn't seem to be used anywhere so why bother, and it broke AnyoneSecurityProvider which wanted to say it was authenticated even without a session
---
 .../security/provider/DelegatingSecurityProvider.java | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
index b420501..c3c7450 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
@@ -187,19 +187,12 @@ public class DelegatingSecurityProvider implements SecurityProvider {
 @Override
 public boolean isAuthenticated(HttpSession session) {
- if (session == null) return false;
- Object modCountWhenFirstAuthenticated = session.getAttribute(getModificationCountKey());
- boolean authenticated = getDelegate().isAuthenticated(session) &&
- Long.valueOf(modCount.get()).equals(modCountWhenFirstAuthenticated);
- return authenticated;
+ return getDelegate().isAuthenticated(session);
 }
 @Override
 public boolean authenticate(HttpSession session, String user, String password) throws SecurityProviderDeniedAuthentication {
 boolean authenticated = getDelegate().authenticate(session, user, password);
- if (authenticated) {
- session.setAttribute(getModificationCountKey(), modCount.get());
- }
 if (log.isTraceEnabled() && authenticated) {
 log.trace("User {} authenticated with provider {}", user, getDelegate());
 } else if (!authenticated && log.isDebugEnabled()) {
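Review bot: With the modification-count comparison removed from `isAuthenticated`, nothing in this wrapper ties an authenticated session to the delegate that authenticated it. If `modCount` is incremented when the delegate is replaced or reconfigured (its definition is outside this hunk), a session authenticated under the previous provider now stays valid for as long as the new delegate accepts it, so it is worth confirming that every delegate validates its own session marker. Dropping the `session == null` guard also means each delegate now receives null sessions and must handle them itself; a comment such as `// session may be null; the delegate decides whether that counts as authenticated` on the new return line would record that contract. The `authenticate` body continues past the end of the hunk.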
@@ -210,17 +203,9 @@ public class DelegatingSecurityProvider implements SecurityProvider {
 @Override
 public boolean logout(HttpSession session) {
- boolean logout = getDelegate().logout(session);
- if (logout) {
- session.removeAttribute(getModificationCountKey());
- }
- return logout;
+ return getDelegate().logout(session);
 }
- private String getModificationCountKey() {
- return getClass().getName() + ".ModCount";
- }
-
 @Override
 public boolean requiresUserPass() {
 return getDelegate().requiresUserPass();
