details: https://code.openbravo.com/erp/devel/pi/rev/d208166ae5e5 changeset: 16780:d208166ae5e5 user: Iván Perdomo <ivan.perdomo <at> openbravo.com> date: Thu Jun 07 17:30:02 2012 +0200 summary: Issue 20704: Code improvements in authentication header - There is no need to create a HttpBaseServlet object as the jsp itself has the required methods used by the AuthenticationManager - There is no need to call the init, since getAuthenticationManager calls it implicitly
details: https://code.openbravo.com/erp/devel/pi/rev/3a2b4541f846 changeset: 16781:3a2b4541f846 user: Iván Perdomo <ivan.perdomo <at> openbravo.com> date: Thu Jun 07 17:31:22 2012 +0200 summary: Fixes issue 20704: Improvements in AuthenticationManger - The authenticate() method of the DefaultAuthenticationManager will check if a "loginURL" attribute is present in the request and use if for redirecting the user, otherwise it will use the default login url diffstat: src/index.jsp | 9 ++------- src/org/openbravo/authentication/AuthenticationManager.java | 13 ++++++++----- 2 files changed, 10 insertions(+), 12 deletions(-) diffs (52 lines): diff -r 0d35521fc856 -r 3a2b4541f846 src/index.jsp --- a/src/index.jsp Thu Jun 07 17:24:07 2012 +0200 +++ b/src/index.jsp Thu Jun 07 17:31:22 2012 +0200 @@ -30,15 +30,10 @@ Logger log = Logger.getLogger(org.openbravo.authentication.AuthenticationManager.class); -HttpBaseServlet s = new HttpBaseServlet(); // required for ConnectionProvider -s.init(getServletConfig()); -s.initialize(request, response); - -AuthenticationManager authManager = AuthenticationManager.getAuthenticationManager(s); - -authManager.init(s); +AuthenticationManager authManager = AuthenticationManager.getAuthenticationManager(this); String userId = authManager.authenticate(request, response); + if(userId == null){ return; } diff -r 0d35521fc856 -r 3a2b4541f846 src/org/openbravo/authentication/AuthenticationManager.java --- a/src/org/openbravo/authentication/AuthenticationManager.java Thu Jun 07 17:24:07 2012 +0200 +++ b/src/org/openbravo/authentication/AuthenticationManager.java Thu Jun 07 17:31:22 2012 +0200 @@ -70,10 +70,6 @@ AuthenticationManager authManager; String authClass = OBPropertiesProvider.getInstance().getOpenbravoProperties() .getProperty("authentication.class", DEFAULT_AUTH_CLASS); - if (authClass == null || authClass.equals("")) { - // If not defined, load default - authClass = "org.openbravo.authentication.basic.DefaultAuthenticationManager"; - } try { authManager = (AuthenticationManager) OBClassLoader.getInstance().loadClass(authClass) .newInstance(); @@ -144,8 +140,15 @@ setDBSession(request, userId, SUCCESS_SESSION_STANDARD, true); } + // A restricted resource can define a custom login URL + // It just need to set an the attribute loginURL in the request + final String customLoginURL = (String) request.getAttribute("loginURL"); + + final String loginURL = localAdress + + (customLoginURL == null || "".equals(customLoginURL) ? defaultServletUrl : customLoginURL); + if (userId == null && !response.isCommitted()) { - response.sendRedirect(localAdress + defaultServletUrl); + response.sendRedirect(loginURL); return null; } ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Openbravo-commits mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openbravo-commits
