Author: fmeschbe
Date: Fri Sep 10 08:04:24 2010
New Revision: 995694
URL: http://svn.apache.org/viewvc?rev=995694&view=rev
Log:
SLING-1744 Split the authentication data into exactly three fields leaving any
excess field separators in the user name field thus supporting user names with
@ signs such as email addresses.
Modified:
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
Modified:
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
---
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
(original)
+++
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
Fri Sep 10 08:04:24 2010
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRes
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
@@ -844,8 +843,8 @@ public class FormAuthenticationHandler e
*/
String getUserId(final String authData) {
if (authData != null) {
- String[] parts = StringUtils.split(authData, "@");
- if (parts != null && parts.length == 3) {
+ String[] parts = TokenStore.split(authData);
+ if (parts != null) {
return parts[2];
}
}
@@ -864,7 +863,7 @@ public class FormAuthenticationHandler e
if (authData == null) {
updateCookie = true;
} else {
- String[] parts = StringUtils.split(authData, "@");
+ String[] parts = TokenStore.split(authData);
if (parts != null && parts.length == 3) {
long cookieTime = Long.parseLong(parts[1].substring(1));
if (System.currentTimeMillis() + (sessionTimeout / 2) >
cookieTime) {
Modified:
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
---
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
(original)
+++
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/TokenStore.java
Fri Sep 10 08:04:24 2010
@@ -178,6 +178,24 @@ class TokenStore {
}
/**
+ * Splits the authentication data into the three parts packed together
while
+ * encoding the cookie.
+ *
+ * @param authData The authentication data to split in three parts
+ * @return A string array with three elements being the three parts of the
+ * cookie value or <code>null</code> if the input is
+ * <code>null</code> or if the string does not contain (at least)
+ * three '@' separated parts.
+ */
+ static String[] split(final String authData) {
+ String[] parts = StringUtils.split(authData, "@", 3);
+ if (parts != null && parts.length == 3) {
+ return parts;
+ }
+ return null;
+ }
+
+ /**
* Returns <code>true</code> if the <code>value</code> is a valid secure
* token as follows:
* <ul>
@@ -192,8 +210,8 @@ class TokenStore {
* Otherwise the method returns <code>false</code>.
*/
boolean isValid(String value) {
- String[] parts = StringUtils.split(value, "@");
- if (parts != null && parts.length == 3) {
+ String[] parts = split(value);
+ if (parts != null) {
// single digit token number
int tokenNumber = parts[1].charAt(0) - '0';
Modified:
sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java?rev=995694&r1=995693&r2=995694&view=diff
==============================================================================
---
sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
(original)
+++
sling/trunk/bundles/auth/form/src/test/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerTest.java
Fri Sep 10 08:04:24 2010
@@ -92,7 +92,7 @@ public class FormAuthenticationHandlerTe
assertEquals(null, handler.getUserId("field0"));
assertEquals(null, handler.getUserId("fie...@field1"));
assertEquals("field3", handler.getUserId("fie...@field1@field3"));
- assertEquals(null, handler.getUserId("fie...@field1@fie...@field4"));
+ assertEquals("fie...@field4",
handler.getUserId("fie...@field1@fie...@field4"));
}
/**
