Merged V4.0-BUG-FIX to HEAD

35501: ALF-13773 Simplify the is-guest vs no-authentication-at-all check for User and Admin only WebScripts 35502: Fix accidental config change .... git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35506 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2012-04-21 09:21:51 +00:00
parent 66e1047e6e
commit 0b56f5b306
1 changed files with 2 additions and 6 deletions
--- a/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
+++ b/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
@@ -307,12 +307,8 @@ public class RepositoryContainer extends AbstractRuntimeContainer implements Ten
                    // Check to see if they supplied HTTP Auth or Ticket as guest, on a script that needs more
                    if (required == RequiredAuthentication.user || required == RequiredAuthentication.admin)
                    {
-                        if (auth != null)
-                        {
-                            isGuest = authorityService.isGuestAuthority(AuthenticationUtil.getFullyAuthenticatedUser());
-                        }
-                        
-                        if (auth == null || isGuest)
+                        String authenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
+                        if (authenticatedUser == null || authorityService.isGuestAuthority(authenticatedUser))
                        {
                            throw new WebScriptException(HttpServletResponse.SC_UNAUTHORIZED, "Web Script " + desc.getId() + " requires user authentication; however, a guest has attempted access.");
                        }