changeset 4196:e10d60d4f35b

Don't always redirect if user isn't authenticated Only redirect a user if he is accessing the redirect url (FLYS.html by default). In other cases only send a 403 Forbidden to indicate that a user isn't allowed to access the url. Should improve flys/issue856 (Timeout in der Authentifizierung führt zu Fehlern)
author Björn Ricks <bjoern.ricks@intevation.de>
date Mon, 22 Oct 2012 10:35:49 +0200
parents 93b53eaee401
children 810db532803a 1cdbd8a0c994
files flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java
diffstat 1 files changed, 23 insertions(+), 3 deletions(-) [+]
--- a/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java	Mon Oct 22 10:32:09 2012 +0200
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GGInAFilter.java	Mon Oct 22 10:35:49 2012 +0200
@@ -97,10 +97,16 @@
             return;
         }
 
+        boolean redirect = false;
+
         HttpSession session = sreq.getSession();
 
         String uri = path + "/" + this.redirecturl;
 
+        if (requesturi.equals(uri)) {
+            redirect = true;
+        }
+
         if (sreq.getQueryString() != null) {
             uri = uri + "?" + sreq.getQueryString();
         }
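Review bot: The new `redirect` flag is set by an exact string match against `path + "/" + this.redirecturl`, so any request that reaches this filter for a URI other than that one literal value now gets a 403 instead of a redirect; if the container also serves the redirect page as a welcome file for `path + "/"` (I cannot see how requesturi is built, so this is inferred), an unauthenticated user hitting the context root would be refused rather than sent to login. Worth a comment stating that only the exact redirect URL bounces to the login page and everything else is answered with 403. The four-line if/assignment can also collapse to `boolean redirect = requesturi.equals(uri);` placed after `uri` is computed, which makes the intent readable at a glance. The enclosing method starts before this hunk.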
@@ -109,7 +115,7 @@
         User user = (User)session.getAttribute("user");
         if (user == null) {
             logger.debug("No user in session: " + requesturi);
-            this.redirect(resp);
+            this.handleResponse(resp, redirect);
             return;
         }
         if (user.hasExpired()) {
@@ -120,12 +126,12 @@
                 Authentication auth = this.auth(user, encoding);
                 if (auth == null || !auth.isSuccess()) {
                     logger.debug("Re-athentication not successful");
-                    this.redirect(resp);
+                    this.handleResponse(resp, redirect);
                 }
             }
             catch(AuthenticationException e) {
                 logger.error("Failure during re-authentication", e);
-                this.redirect(resp);
+                this.handleResponse(resp, redirect);
                 return;
             }
         }
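Review bot: In the `auth == null || !auth.isSuccess()` branch the response is completed by `this.handleResponse(resp, redirect);` but execution then falls through, whereas the catch branch below it and the `user == null` branch in the previous hunk both `return;` after the same call. The method continues past this hunk, so if the remainder invokes the filter chain, a request whose re-authentication failed would still be passed on after a 403 or redirect has been written, and the downstream write to a committed response would at best raise an IllegalStateException. This was already the shape of the old `this.redirect(resp);` call, but the commit touches the line and should add `return;` directly after it so the failed-re-auth path terminates like the other two.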
@@ -141,6 +147,20 @@
             "/login.jsp");
     }
 
+    private void sendNotAuthenticated(ServletResponse resp) throws IOException {
+        logger.debug("Send not authenticated");
+        ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
+    }
+
+    private void handleResponse(ServletResponse resp, boolean redirect) throws IOException {
+        if (redirect) {
+            this.redirect(resp);
+        }
+        else {
+            this.sendNotAuthenticated(resp);
+        }
+    }
+
 
     /**
      * Do nothing at destruction.
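Review bot: The two new private helpers have no Javadoc, and `sendNotAuthenticated` answers "User not authenticated" with `SC_FORBIDDEN` (403), which conventionally means an authenticated principal lacks permission; 401 (`SC_UNAUTHORIZED`) is the code for a missing or expired authentication, though it requires a WWW-Authenticate header that a form-login scheme cannot meaningfully supply, so 403 may well be the deliberate choice. Either way the reason should be recorded on the method, e.g. `/** Answers 403 for a request that is not the login-redirect URL; 401 is avoided because the login is form based and no WWW-Authenticate challenge exists. */`. `handleResponse` deserves a one-line Javadoc stating that `redirect == true` sends the browser to the login page and `false` ends the request with the 403 from `sendNotAuthenticated`, and that both paths commit the response so callers must return afterwards.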
