pac4j: be noop if a previous authenticator in chain has successfully authenticated (#9620)

This commit is contained in:
Himanshu 2020-04-06 11:55:55 -07:00 committed by GitHub
parent 40e84a171b
commit fc2897da1d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions

View File

@ -79,6 +79,13 @@ public class Pac4jFilter implements Filter
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException throws IOException, ServletException
{ {
// If there's already an auth result, then we have authenticated already, skip this or else caller
// could get HTTP redirect even if one of the druid authenticators in chain has successfully authenticated.
if (servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT) != null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest; HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse; HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
J2EContext context = new J2EContext(httpServletRequest, httpServletResponse, sessionStore); J2EContext context = new J2EContext(httpServletRequest, httpServletResponse, sessionStore);