Fixed auth redirect loop

2018-08-10 19:27:51 +02:00 · 2018-08-10 19:27:51 +02:00 · 8212379c31
commit 8212379c31
parent 80b46fbc1f
2 changed files with 14 additions and 6 deletions
--- a/src/zall/filter/AuthenticationFilter.java
+++ b/src/zall/filter/AuthenticationFilter.java
@ -39,13 +39,17 @@ public class AuthenticationFilter implements Filter {
        if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
            logger.finest("User already authenticated, continuing filter chain.");
            chain.doFilter(request, response);
-        } else if (isWhitelisted(requestURI)){
-            logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
-            chain.doFilter(request, response);
        } else {
-            // do not continue the filter pipeline forward to login page
-            logger.fine("User not authenticated, redirecting to login page.");
-            ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
+            AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
+
+            if (isWhitelisted(requestURI)){
+                logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
+                chain.doFilter(request, response);
+            } else {
+                // do not continue the filter pipeline forward to login page
+                logger.fine("User not authenticated, redirecting to login page.");
+                ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
+            }
        }
    }

--- a/src/zall/manager/AuthenticationManager.java
+++ b/src/zall/manager/AuthenticationManager.java
@ -99,6 +99,9 @@ public class AuthenticationManager {
        session.setAttribute(SESSION_KEY_USER_OBJ, user);
    }

+    /**
+     * Logout user and clear session.
+     */
    public static void rmUserSession(HttpSession session) {
        session.removeAttribute(SESSION_KEY_USER_OBJ);
    }
@ -122,6 +125,7 @@ public class AuthenticationManager {
                    logger.fine("Invalid user(" + user.getEmail() + "), email not verified");
                    return false;
                }
+                /* FALLTHROUGH */
            case COOKIE:
                if (user.getCookieHash() == null || user.getCookieHash().isEmpty()) {
                    logger.fine("Invalid user(" + user.getEmail() + "), null or empty cookie hash.");