This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 1e178f565475fc64a4f3d0f45deec246fc5de36a Author: Felix Meschberger <[email protected]> AuthorDate: Fri Sep 17 12:55:49 2010 +0000 SLING-1783 Make the use of the j_reason request attribute to inform about failures for authentication official git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@998105 13f79535-47bb-0310-9956-ffa450edef68 --- .../auth/form/impl/AuthenticationFormServlet.java | 5 ++-- .../auth/form/impl/FormAuthenticationHandler.java | 33 ++++++++-------------- 2 files changed, 15 insertions(+), 23 deletions(-) diff --git a/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java b/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java index bc86a16..c6def05 100644 --- a/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java +++ b/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java @@ -26,6 +26,7 @@ import org.apache.felix.scr.annotations.Properties; import org.apache.felix.scr.annotations.Property; import org.apache.felix.scr.annotations.Service; import org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet; +import org.apache.sling.auth.core.spi.AuthenticationHandler; import org.apache.sling.auth.form.FormReason; /** @@ -65,12 +66,12 @@ public class AuthenticationFormServlet extends AbstractAuthenticationFormServlet */ protected String getReason(final HttpServletRequest request) { // return the resource attribute if set to a non-empty string - Object resObj = request.getAttribute(FormAuthenticationHandler.PAR_J_REASON); + Object resObj = request.getAttribute(AuthenticationHandler.FAILURE_REASON); if (resObj instanceof FormReason) { return ((FormReason) resObj).toString(); } - final String reason = request.getParameter(FormAuthenticationHandler.PAR_J_REASON); + final String reason = request.getParameter(AuthenticationHandler.FAILURE_REASON); if (reason != null) { try { return FormReason.valueOf(reason).toString(); 
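Review bot: In `getReason`, the attribute now read under `AuthenticationHandler.FAILURE_REASON` is still honoured only when it is a `FormReason`; any other value falls through to the request parameter of the same name, which the client controls. Because the key is now a shared SPI constant rather than this bundle's private `PAR_J_REASON`, another handler could presumably store a different type there, and the form would then show the reason named in the URL instead. A comment above the `instanceof` check would make that explicit, for example `// only FormReason attributes are rendered; anything else is ignored and the client-supplied parameter is consulted`. The visible lines do bound the parameter to enum constants through `FormReason.valueOf`, but the handling of an unknown name sits after the `try` and outside this hunk.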
diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java index 8865eab..4415c33 100644 --- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java +++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java @@ -241,15 +241,6 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler { private static final String PAR_J_VALIDATE = "j_validate"; /** - * The name of the request parameter indicating to the login form why the - * form is being rendered. If this parameter is not set the form is called - * for the first time and the implied reason is that the authenticator just - * requests credentials. Otherwise the parameter is set to a - * {@link FormReason} value. - */ - static final String PAR_J_REASON = "j_reason"; - - /** * Key in the AuthenticationInfo map which contains the domain on which the * auth cookie should be set. */ @@ -333,7 +324,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler { } else { if (this.loginAfterExpire) { // signal the requestCredentials method a previous login failure - request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT); + request.setAttribute(FAILURE_REASON, FormReason.TIMEOUT); info = AuthenticationInfo.FAIL_AUTH; } // clear the cookie, its invalid and we should get rid of it so that the invalid cookie 
@@ -421,13 +412,13 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler { } // append indication of previous login failure - if (request.getAttribute(PAR_J_REASON) != null) { - final Object jReason = request.getAttribute(PAR_J_REASON); + if (request.getAttribute(FAILURE_REASON) != null) { + final Object jReason = request.getAttribute(FAILURE_REASON); @SuppressWarnings("unchecked") final String reason = (jReason instanceof Enum) ? ((Enum) jReason).name() : jReason.toString(); - targetBuilder.append(parSep).append(PAR_J_REASON); + targetBuilder.append(parSep).append(FAILURE_REASON); targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8")); } @@ -470,7 +461,7 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler { authStorage.clear(request, response); // signal the requestCredentials method a previous login failure - request.setAttribute(PAR_J_REASON, FormReason.INVALID_CREDENTIALS); + request.setAttribute(FAILURE_REASON, FormReason.INVALID_CREDENTIALS); } /** 
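Review bot: In the `@@ -421` hunk the new condition calls `request.getAttribute(FAILURE_REASON)` twice, once for the null test and once for the value. Reading it once keeps the test and the use on the same object: `final Object jReason = request.getAttribute(FAILURE_REASON);` followed by `if (jReason != null) {`. The raw `(Enum)` cast on the unchanged lines below could become `Enum<?>`, after which the `@SuppressWarnings("unchecked")` should no longer be needed. Passing the value through `URLEncoder.encode` before it is appended to the redirect target is worth keeping, since a shared attribute key may hold values this handler did not set. The enclosing method starts and ends outside the hunk.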
@@ -1003,23 +994,23 @@ public class FormAuthenticationHandler extends AbstractAuthenticationHandler { final StringBuilder header = new StringBuilder(); // default setup with name, value, cookie path and HttpOnly - header.append(name).append('=').append(value); - header.append(";Path=").append(cookiePath); - header.append(";HttpOnly"); // don't allow JS access + header.append(name).append("=\"").append(value).append('"'); + header.append("; Path=\"").append(cookiePath).append('"'); + header.append("; HttpOnly"); // don't allow JS access // set the cookie domain if so configured if (domain != null) { - header.append(";Domain=").append(domain); + header.append("; Domain=\"").append(domain).append('"'); } // Only set the Max-Age attribute to remove the cookie - if (age == 0) { - header.append(";Max-Age=").append(age); + if (age >= 0) { + header.append("; Max-Age=\"").append(age).append('"'); } // ensure the cookie is secured if this is an https request if (request.isSecure()) { - header.append(";Secure"); + header.append("; Secure"); } response.addHeader(HEADER_SET_COOKIE, header.toString()); -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
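Review bot: The quoted attribute values added here (`Path="…"`, `Domain="…"`, `Max-Age="…"`) follow the RFC 2109 quoted-string form, but cookie parsers that follow RFC 6265 keep the quotes as part of the attribute value and ignore a `Max-Age` that does not begin with a digit or `-`. The `age` of 0 used to remove the cookie may therefore no longer expire it, leaving a stale authentication cookie in the browser. Emitting the attributes unquoted avoids that: `header.append("; Path=").append(cookiePath);`, `header.append("; Domain=").append(domain);`, `header.append("; Max-Age=").append(age);`. The comment `// Only set the Max-Age attribute to remove the cookie` no longer matches `if (age >= 0)` and should read something like `// set Max-Age for removal (0) and for any non-negative lifetime`. None of `value`, `cookiePath` or `domain` is checked for `"`, `;` or line breaks in the visible lines; where they originate is outside the hunk, as are the start and end of the enclosing method.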
