. Now uses non-transactional authentication service to remove tickets/security context on failed guest

- also removes tickets and clears security context on normal Logout

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2217 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2006-01-26 15:32:55 +00:00
parent 9160578c9a
commit e9e1618479
2 changed files with 8 additions and 5 deletions


@@ -73,7 +73,7 @@ public final class AuthenticationHelper
/** public service bean IDs **/
private static final String AUTHENTICATION_SERVICE = "AuthenticationService";
private static final String UNPROTECTED_AUTH_SERVICE = "authenticationService";
private static final String UNPROTECTED_AUTH_SERVICE = "authenticationServiceImpl";
private static final String PERSON_SERVICE = "personService";
/** cookie names */
@@ -172,15 +172,17 @@ public final class AuthenticationHelper
catch (AccessDeniedException accessError)
{
// Guest is unable to access either properties on Person
//AuthenticationService smallAuth = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
//smallAuth.invalidateTicket(smallAuth.getCurrentTicket());
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
logger.warn("Unable to login as Guest: " + accessError.getMessage());
}
catch (Throwable e)
{
// Some other kind of serious failure to report
//AuthenticationService smallAuth = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
//smallAuth.invalidateTicket(smallAuth.getCurrentTicket());
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
}
finally
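Review bot: In both catch blocks, `clearCurrentSecurityContext()` runs only if `getBean(...)`, `getCurrentTicket()` and `invalidateTicket(...)` all return normally, so a failure while invalidating the ticket leaves the Guest security context in place, which is the state this cleanup is meant to prevent. Such a failure would also skip the `logger.warn` in the first block and replace the original cause `e` in the second. I would put the ticket invalidation in its own try with the context clear in a `finally`, as below; the same ordering applies to the two cleanup calls in the `LoginBean` hunk. Whether `getCurrentTicket()` can return null or throw when Guest authentication never completed is not visible here and is worth confirming. The enclosing try and method begin outside the hunk.

```java
AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
try
{
   unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
}
catch (RuntimeException cleanupError)
{
   // report the cleanup problem without replacing the original login failure
   logger.warn("Unable to invalidate Guest ticket: " + cleanupError.getMessage());
}
finally
{
   // the thread must not keep the Guest context even if ticket removal failed
   unprotAuthService.clearCurrentSecurityContext();
}
// … unchanged: logger.warn(...) in the first block, throw new AlfrescoRuntimeException(...) in the second …
```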


@@ -367,6 +367,7 @@ public class LoginBean
if (user != null)
{
this.authenticationService.invalidateTicket(user.getTicket());
this.authenticationService.clearCurrentSecurityContext();
}
// Request that the username cookie state is removed - this is not
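Review bot: `clearCurrentSecurityContext()` takes nothing from `user`, yet it sits inside `if (user != null)`, so a logout request whose session holds no user object would leave any security context already on the thread untouched. If that case can occur (not visible from this hunk), move the call after the closing brace of the `if` so it always runs: `this.authenticationService.clearCurrentSecurityContext();`. The enclosing method starts and ends outside the hunk.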