ziver/zallery
1
0
Fork 0
Code Pull requests Releases Activity

Fixed auth redirect loop

Browse source
This commit is contained in:
Ziver Koc 2018-08-10 19:27:51 +02:00
parent 80b46fbc1f
commit 8212379c31
2 changed files with 14 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/zall/filter/AuthenticationFilter.java
View file

@ -39,13 +39,17 @@ public class AuthenticationFilter implements Filter {
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) { if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
logger.finest("User already authenticated, continuing filter chain."); logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response); chain.doFilter(request, response);
} else if (isWhitelisted(requestURI)){
logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
chain.doFilter(request, response);
} else { } else {
// do not continue the filter pipeline forward to login page AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
logger.fine("User not authenticated, redirecting to login page.");
ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response); if (isWhitelisted(requestURI)){
logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
chain.doFilter(request, response);
} else {
// do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page.");
ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
}
} }
} }

4
src/zall/manager/AuthenticationManager.java
View file

@ -99,6 +99,9 @@ public class AuthenticationManager {
session.setAttribute(SESSION_KEY_USER_OBJ, user); session.setAttribute(SESSION_KEY_USER_OBJ, user);
} }
/**
* Logout user and clear session.
*/
public static void rmUserSession(HttpSession session) { public static void rmUserSession(HttpSession session) {
session.removeAttribute(SESSION_KEY_USER_OBJ); session.removeAttribute(SESSION_KEY_USER_OBJ);
} }
@ -122,6 +125,7 @@ public class AuthenticationManager {
logger.fine("Invalid user(" + user.getEmail() + "), email not verified"); logger.fine("Invalid user(" + user.getEmail() + "), email not verified");
return false; return false;
} }
/* FALLTHROUGH */
case COOKIE: case COOKIE:
if (user.getCookieHash() == null || user.getCookieHash().isEmpty()) { if (user.getCookieHash() == null || user.getCookieHash().isEmpty()) {
logger.fine("Invalid user(" + user.getEmail() + "), null or empty cookie hash."); logger.fine("Invalid user(" + user.getEmail() + "), null or empty cookie hash.");