luehe 2004/10/25 19:02:37
Modified: catalina/src/share/org/apache/catalina/security
SecurityUtil.java
Log:
Create Subject if one was not already associated with the session, and add
it to the session *only* in that case
Revision Changes Path
1.14 +11 -7
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
Index: SecurityUtil.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- SecurityUtil.java 25 Oct 2004 21:18:49 -0000 1.13
+++ SecurityUtil.java 26 Oct 2004 02:02:37 -0000 1.14
@@ -247,20 +247,24 @@
HttpServletRequest request =
(HttpServletRequest)targetArguments[0];
+ boolean hasSubject = false;
HttpSession session = request.getSession(false);
if (session != null){
subject =
(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
+ hasSubject = (subject != null);
+ }
- if (subject == null){
- subject = new Subject();
+ if (subject == null){
+ subject = new Subject();
- if (principal != null){
- subject.getPrincipals().add(principal);
- }
-
- session.setAttribute(Globals.SUBJECT_ATTR, subject);
+ if (principal != null){
+ subject.getPrincipals().add(principal);
}
+ }
+
+ if (session != null && !hasSubject) {
+ session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
