Fixed auth redirect loop

src/zall/filter/AuthenticationFilter.java

@@ -39,7 +39,10 @@ public class AuthenticationFilter implements Filter {
         if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
             logger.finest("User already authenticated, continuing filter chain.");
             chain.doFilter(request, response);
-        } else if (isWhitelisted(requestURI)){
+        } else {
+            AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
+
+            if (isWhitelisted(requestURI)){
                 logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
                 chain.doFilter(request, response);
             } else {
@@ -48,6 +51,7 @@ public class AuthenticationFilter implements Filter {
                 ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
             }
         }
+    }
 
     private boolean isWhitelisted(String requestURI) {
         if (ObjectUtil.isEmpty(requestURI))

src/zall/manager/AuthenticationManager.java

@@ -99,6 +99,9 @@ public class AuthenticationManager {
         session.setAttribute(SESSION_KEY_USER_OBJ, user);
     }
 
+    /**
+     * Logout user and clear session.
+     */
     public static void rmUserSession(HttpSession session) {
         session.removeAttribute(SESSION_KEY_USER_OBJ);
     }
@@ -122,6 +125,7 @@ public class AuthenticationManager {
                     logger.fine("Invalid user(" + user.getEmail() + "), email not verified");
                     return false;
                 }
+                /* FALLTHROUGH */
             case COOKIE:
                 if (user.getCookieHash() == null || user.getCookieHash().isEmpty()) {
                     logger.fine("Invalid user(" + user.getEmail() + "), null or empty cookie hash.");