Dear gang,
I noticed some duplicate actions taken in the protected void
populateSession(Request request) method of the
org.jboss.web.tomcat.security.ExtendedFormAuthenticator class. While these
duplicate actions do not adversely affect the product, I am suggesting a
correction. I am assuming that the author's original intent was to have two
methods: one called on the way to the login page, and one called on the way to
the error page. In any case...
| protected void populateSession(Request request)
| {
|    String username = request.getParameter("j_username");
|    HttpSession session = request.getSession(false);
|    if( trace )
|       log.trace("Enter, j_username="+username);
|    if( session != null )
|    {
|       if( username != null )
|          session.setAttribute("j_username", username);
|       if( includePassword )
|       {
|          Object pass = request.getParameter("j_password");
|          if( pass != null )
|             session.setAttribute("j_password", pass);
|       }
|    }
|
|    username = request.getParameter("j_username");
|    session = request.getSession(false);
|    if( session != null )
|    {
|       if( trace )
|          log.trace("SessionID: "+session.getId());
|       if( username != null )
|          session.setAttribute("j_username", username);
|       // Check the SecurityAssociation context exception
|       Throwable t = (Throwable) SecurityAssociationActions.getAuthException();
|       if( trace )
|          log.trace("SecurityAssociation.exception: "+t);
|       if( t != null )
|          session.setAttribute("j_exception", t);
|    }
|    if( trace )
|       log.trace("Exit, username: "+username);
| }
Might be just as good as...
| protected void populateSession(Request request)
| {
|    String username = request.getParameter("j_username");
|    HttpSession session = request.getSession(false);
|
|    if( session != null )
|    {
|       if( trace )
|          log.trace("SessionID: "+session.getId());
|
|       if( username != null )
|       {
|          session.setAttribute("j_username", username);
|          if( trace )
|             log.trace("Setting j_username="+username);
|
|          if( includePassword )
|          {
|             Object pass = request.getParameter("j_password");
|             if( pass != null )
|             {
|                session.setAttribute("j_password", pass);
|                if( trace )
|                   log.trace("Setting j_password=--hidden--");
|             }
|          }
|       }
|
|       // Check the SecurityAssociation context exception
|       Throwable t = (Throwable) SecurityAssociationActions.getAuthException();
|       if( trace )
|          log.trace("SecurityAssociation.exception: "+t);
|       if( t != null )
|          session.setAttribute("j_exception", t);
|    }
|    else
|    {
|       if( trace )
|          log.trace("No Session to store login parameters in");
|    }
| }
Again, these are just suggestions and only remove duplicate work performed.
cgriffith
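
An added example, not part of the original post or the JBoss source: a stand-alone harness that compares which session attributes the two listings above store for every present/absent combination of j_username and j_password, which is where the nesting of the includePassword block matters. It assumes a session already exists and includePassword is true, models the session as a Map, and leaves out the j_exception lookup; the class and method names are hypothetical.

```java
import java.util.*;

public class PopulateSessionCompare {
    // Stand-in for the authenticator's includePassword flag (assumed enabled).
    static final boolean INCLUDE_PASSWORD = true;

    // First listing with its repeated steps collapsed: the password is
    // stored independently of whether j_username was supplied.
    static Map<String, Object> original(Map<String, String> params) {
        Map<String, Object> session = new TreeMap<>();
        String username = params.get("j_username");
        if (username != null)
            session.put("j_username", username);
        if (INCLUDE_PASSWORD) {
            String pass = params.get("j_password");
            if (pass != null)
                session.put("j_password", pass);
        }
        return session;
    }

    // Second listing: the includePassword block sits inside the username check.
    static Map<String, Object> suggested(Map<String, String> params) {
        Map<String, Object> session = new TreeMap<>();
        String username = params.get("j_username");
        if (username != null) {
            session.put("j_username", username);
            if (INCLUDE_PASSWORD) {
                String pass = params.get("j_password");
                if (pass != null)
                    session.put("j_password", pass);
            }
        }
        return session;
    }

    public static void main(String[] args) {
        // Constructed request parameters: {j_username, j_password}, null = absent.
        String[][] cases = { {"alice", "s3cret"}, {"alice", null}, {null, "s3cret"}, {null, null} };
        for (String[] c : cases) {
            Map<String, String> params = new HashMap<>();
            if (c[0] != null) params.put("j_username", c[0]);
            if (c[1] != null) params.put("j_password", c[1]);
            Map<String, Object> a = original(params), b = suggested(params);
            // Print attribute names only, so the password value never reaches the output.
            System.out.println("user=" + (c[0] != null) + " pass=" + (c[1] != null)
                + " original=" + a.keySet() + " suggested=" + b.keySet()
                + (a.equals(b) ? "" : "  <-- differs"));
        }
    }
}
```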