Author: olli Date: Fri Sep 13 14:17:24 2013 New Revision: 1522946 URL: http://svn.apache.org/r1522946 Log: SLING-2998 SlingAuthenticator fails because of pathInfo being null
- concatenate servlet path and path info into path to check against - return anonymous credentials/false for empty path - remove LoginServlet.SERVLET_PATH.equals(pathInfo) check Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1522946&r1=1522945&r2=1522946&view=diff ============================================================================== --- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original) +++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Fri Sep 13 14:17:24 2013 
@@ -666,14 +666,27 @@ public class SlingAuthenticator implemen // ---------- internal + private String getPath(HttpServletRequest request) { + final StringBuilder sb = new StringBuilder(); + if (request.getServletPath() != null) { + sb.append(request.getServletPath()); + } + if (request.getPathInfo() != null) { + sb.append(request.getPathInfo()); + } + return sb.toString(); + } + private AuthenticationInfo getAuthenticationInfo(HttpServletRequest request, HttpServletResponse response) { // Get the path used to select the authenticator, if the SlingServlet // itself has been requested without any more info, this will be null // and we assume the root (SLING-722) - String pathInfo = request.getPathInfo(); - if (pathInfo == null || pathInfo.length() == 0) { - pathInfo = "/"; + final String path = getPath(request); + if (path.length() == 0) { + // should not happen, be safe an return anonymous credentials + log.warn("get authentication info: request path is empty; assuming anonymous"); + return getAnonymousCredentials(); } final List<AbstractAuthenticationHandlerHolder>[] localArray = this.authHandlerCache.findApplicableHolder(request); @@ -682,7 +695,7 @@ public class SlingAuthenticator implemen if (local != null) { for (int i = 0; i < local.size(); i++) { AbstractAuthenticationHandlerHolder holder = local.get(i); - if (pathInfo.startsWith(holder.path)) { + if (path.startsWith(holder.path)) { final AuthenticationInfo authInfo = holder.extractCredentials( request, response); @@ -864,9 +877,9 @@ public class SlingAuthenticator implemen private boolean isAnonAllowed(HttpServletRequest request) { - String pathInfo = request.getPathInfo(); - if (pathInfo == null || pathInfo.length() == 0) { - pathInfo = "/"; + final String path = getPath(request); + if (path.length() == 0) { + return false; } final List<AuthenticationRequirementHolder>[] holderListArray = authRequiredCache.findApplicableHolder(request); 
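Review bot: The comment kept above `final String path = getPath(request);` still says a null path is treated as the root (SLING-722), but the new branch returns anonymous credentials before any handler is consulted, so the comment no longer describes the code. Whether an empty servlet path plus a null path info really "should not happen" depends on how the servlet is mapped, which is not visible here; if it can occur, credentials sent with such a request are ignored. I would reword the comment to `// Path used to select the handler: servlet path + path info; an empty path yields anonymous credentials`, fix the typo "an return", and give `getPath` a short Javadoc saying it returns `""` when both parts are null. The body of `getAuthenticationInfo` continues outside the hunk.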
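Review bot: `path.startsWith(holder.path)` is a plain string-prefix test, so a holder registered for one path also matches any sibling path whose name merely begins with the same characters; the same test decides anonymous access in `isAnonAllowed` in the last hunk. Unless `holder.path` is guaranteed to end in `/` or `findApplicableHolder` already filters on segment boundaries (neither is visible here), match on a boundary: `if (path.equals(holder.path) || path.startsWith(holder.path.endsWith("/") ? holder.path : holder.path + "/")) {`. Since `path` now begins with the servlet path, it is also worth confirming that holder paths are registered relative to the same root. The loop and the method body extend beyond this hunk.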
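Review bot: The empty-path branch in `isAnonAllowed` denies silently and without a comment, while the matching branch in `getAuthenticationInfo` explains itself and logs a warning. Requiring authentication is the safe default here, but an unexplained denial is hard to trace when a request is unexpectedly challenged. I would add `// no path to match requirements against: require authentication` and `log.debug("isAnonAllowed: request path is empty; authentication required");` before `return false;`. The method continues in the following hunk.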
@@ -875,17 +888,13 @@ public class SlingAuthenticator implemen if ( holderList != null ) { for (int i = 0; i < holderList.size(); i++) { final AuthenticationRequirementHolder holder = holderList.get(i); - if (pathInfo.startsWith(holder.path)) { + if (path.startsWith(holder.path)) { return !holder.requiresAuthentication(); } } } } - if (LoginServlet.SERVLET_PATH.equals(pathInfo)) { - return true; - } - // fallback to anonymous not allowed (aka authentication required) return false; }
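Review bot: With the `LoginServlet.SERVLET_PATH` exemption gone, anonymous access to the login path depends entirely on an `AuthenticationRequirementHolder` being registered for it, and nothing in this diff shows that registration. If none exists, the fallback `return false` makes the login endpoint itself require authentication. I would state the dependency at the fallback, e.g. `// the login servlet path must be registered as an anonymous requirement; it is no longer special-cased here`, and cover it with a test that requests the login path unauthenticated. The method starts in the previous hunk.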