inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

. Now uses non-transactional authentication service to remove tickets/security context on failed guest

Browse Source 
- also removes tickets and clears security context on normal Logout

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2217 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2006-01-26 15:32:55 +00:00
parent 9160578c9a
commit e9e1618479
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java
View File

@@ -73,7 +73,7 @@ public final class AuthenticationHelper
/** public service bean IDs **/ /** public service bean IDs **/
private static final String AUTHENTICATION_SERVICE = "AuthenticationService"; private static final String AUTHENTICATION_SERVICE = "AuthenticationService";
private static final String UNPROTECTED_AUTH_SERVICE = "authenticationService"; private static final String UNPROTECTED_AUTH_SERVICE = "authenticationServiceImpl";
private static final String PERSON_SERVICE = "personService"; private static final String PERSON_SERVICE = "personService";
/** cookie names */ /** cookie names */
@@ -172,15 +172,17 @@ public final class AuthenticationHelper
catch (AccessDeniedException accessError) catch (AccessDeniedException accessError)
{ {
// Guest is unable to access either properties on Person // Guest is unable to access either properties on Person
//AuthenticationService smallAuth = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE); AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
//smallAuth.invalidateTicket(smallAuth.getCurrentTicket()); unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
logger.warn("Unable to login as Guest: " + accessError.getMessage()); logger.warn("Unable to login as Guest: " + accessError.getMessage());
} }
catch (Throwable e) catch (Throwable e)
{ {
// Some other kind of serious failure to report // Some other kind of serious failure to report
//AuthenticationService smallAuth = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE); AuthenticationService unprotAuthService = (AuthenticationService)wc.getBean(UNPROTECTED_AUTH_SERVICE);
//smallAuth.invalidateTicket(smallAuth.getCurrentTicket()); unprotAuthService.invalidateTicket(unprotAuthService.getCurrentTicket());
unprotAuthService.clearCurrentSecurityContext();
throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e); throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", e);
} }
finally finally

1
source/java/org/alfresco/web/bean/LoginBean.java
View File

@@ -367,6 +367,7 @@ public class LoginBean
if (user != null) if (user != null)
{ {
this.authenticationService.invalidateTicket(user.getTicket()); this.authenticationService.invalidateTicket(user.getTicket());
this.authenticationService.clearCurrentSecurityContext();
} }
// Request that the username cookie state is removed - this is not // Request that the username cookie state is removed - this is not