Author: olli
Date: Fri Sep 13 14:17:24 2013
New Revision: 1522946
URL: http://svn.apache.org/r1522946
Log:
SLING-2998 SlingAuthenticator fails because of pathInfo being null
- concatenate servlet path and path info into path to check against
- return anonymous credentials/false for empty path
- remove LoginServlet.SERVLET_PATH.equals(pathInfo) check
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1522946&r1=1522945&r2=1522946&view=diff
==============================================================================
---
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
(original)
+++
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Fri Sep 13 14:17:24 2013
@@ -666,14 +666,27 @@ public class SlingAuthenticator implemen
// ---------- internal
+ private String getPath(HttpServletRequest request) {
+ final StringBuilder sb = new StringBuilder();
+ if (request.getServletPath() != null) {
+ sb.append(request.getServletPath());
+ }
+ if (request.getPathInfo() != null) {
+ sb.append(request.getPathInfo());
+ }
+ return sb.toString();
+ }
+
private AuthenticationInfo getAuthenticationInfo(HttpServletRequest
request, HttpServletResponse response) {
// Get the path used to select the authenticator, if the SlingServlet
// itself has been requested without any more info, this will be null
// and we assume the root (SLING-722)
- String pathInfo = request.getPathInfo();
- if (pathInfo == null || pathInfo.length() == 0) {
- pathInfo = "/";
+ final String path = getPath(request);
+ if (path.length() == 0) {
+ // should not happen, be safe an return anonymous credentials
+ log.warn("get authentication info: request path is empty; assuming
anonymous");
+ return getAnonymousCredentials();
}
final List<AbstractAuthenticationHandlerHolder>[] localArray =
this.authHandlerCache.findApplicableHolder(request);
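Review bot: The context comment above `final String path = getPath(request);` still says the value "will be null and we assume the root (SLING-722)", but the new code no longer falls back to `/`. An empty path now logs a warning and returns anonymous credentials without consulting any authentication handler. With a `/*` servlet mapping the container can report an empty servlet path and a null path info for a request to the bare context root, so this branch may be reachable rather than "should not happen"; it is worth confirming that the SLING-722 case is still covered. I would replace the stale comment with something like `// Path used to select the handler: servlet path + path info; an empty path is treated as anonymous` and fix the typo `be safe an return` to `be safe and return`. The body of getAuthenticationInfo continues outside this hunk.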
@@ -682,7 +695,7 @@ public class SlingAuthenticator implemen
if (local != null) {
for (int i = 0; i < local.size(); i++) {
AbstractAuthenticationHandlerHolder holder = local.get(i);
- if (pathInfo.startsWith(holder.path)) {
+ if (path.startsWith(holder.path)) {
final AuthenticationInfo authInfo =
holder.extractCredentials(
request, response);
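Review bot: `path.startsWith(holder.path)` is a plain string-prefix test, so a holder registered for `/foo` (constructed example) also matches `/foobar`, not only `/foo` and `/foo/...`. The same comparison in isAnonAllowed (last hunk) is the more sensitive one: a prefix hit on a holder that does not require authentication makes the request anonymous-accessible. If holder paths are not guaranteed to end in `/`, consider matching on a segment boundary, e.g. `path.equals(holder.path) || path.startsWith(holder.path.endsWith("/") ? holder.path : holder.path + "/")`. The loop and its enclosing method start and end outside this hunk, so any normalisation done elsewhere is not visible here.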
@@ -864,9 +877,9 @@ public class SlingAuthenticator implemen
private boolean isAnonAllowed(HttpServletRequest request) {
- String pathInfo = request.getPathInfo();
- if (pathInfo == null || pathInfo.length() == 0) {
- pathInfo = "/";
+ final String path = getPath(request);
+ if (path.length() == 0) {
+ return false;
}
final List<AuthenticationRequirementHolder>[] holderListArray =
authRequiredCache.findApplicableHolder(request);
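Review bot: The empty-path branch in isAnonAllowed returns `false` without logging or a comment, while the matching branch in getAuthenticationInfo logs a warning. Failing closed here is the safer choice, but together the two branches hand such a request anonymous credentials and then reject anonymous access. That outcome is hard to diagnose without a trace. I would add a why-comment and a log line, e.g. `// empty path: fail closed, authentication required` and `log.warn("isAnonAllowed: request path is empty; assuming authentication required");`. The method body continues outside this hunk.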
@@ -875,17 +888,13 @@ public class SlingAuthenticator implemen
if ( holderList != null ) {
for (int i = 0; i < holderList.size(); i++) {
final AuthenticationRequirementHolder holder =
holderList.get(i);
- if (pathInfo.startsWith(holder.path)) {
+ if (path.startsWith(holder.path)) {
return !holder.requiresAuthentication();
}
}
}
}
- if (LoginServlet.SERVLET_PATH.equals(pathInfo)) {
- return true;
- }
-
// fallback to anonymous not allowed (aka authentication required)
return false;
}
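Review bot: With the `LoginServlet.SERVLET_PATH.equals(pathInfo)` shortcut removed, the login path is anonymous-accessible only if an AuthenticationRequirementHolder with `requiresAuthentication() == false` covers it; otherwise the method falls through to `return false`. Nothing in this diff shows where that requirement is registered, so it is presumably declared by the login servlet itself. Please confirm this, since a missing registration would make the login endpoint itself demand authentication. A short comment above the fallback would record the dependency, e.g. `// the login servlet path must be registered as an anonymous-allowed auth requirement; it is no longer special-cased here`. A regression test that requests the login path unauthenticated would also pin this behaviour.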