fixed problem with deferred security and form auth

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@642 7e9141cc-0065-0410-87d8-b60c137991c4
2009-08-05 16:26:35 +00:00 · 2009-08-05 16:26:35 +00:00 · 9ec5d83f5c
parent 4628a6869c
commit 9ec5d83f5c
4 changed files with 22 additions and 7 deletions
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/IdentityService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/IdentityService.java
@ -51,6 +51,7 @@ public interface IdentityService
    /* ------------------------------------------------------------ */
    /**
     * Associate a runas Token with the current user and thread.
+     * @param user The UserIdentity
     * @param token The runAsToken to associate.
     * @return The previous runAsToken or null.
     */
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@ -234,6 +234,10 @@ public class FormAuthenticator extends LoginAuthenticator
                    return authentication;
            }

+            // if we can't send challenge
+            if (_deferred.isDeferred(response))
+                return Authentication.UNAUTHENTICATED; 
+            
            // remember the current URI
            synchronized (session)
            {
@ -246,11 +250,7 @@ public class FormAuthenticator extends LoginAuthenticator
                    session.setAttribute(__J_URI, buf.toString());
                }
            }
-
-            // if we can't send challenge
-            if (_deferred.isDeferred(response))
-                return Authentication.UNAUTHENTICATED; 
-                
+            
            // send the the challenge
            if (_dispatch)
            {
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
@ -1168,7 +1168,8 @@ public class Request implements HttpServletRequest
    {
        return _uri;
    }
-    
+
+    /* ------------------------------------------------------------ */
    public UserIdentity getUserIdentity()
    {
        if (_authentication instanceof Authentication.Deferred)
@ -1178,6 +1179,19 @@ public class Request implements HttpServletRequest
            return ((Authentication.User)_authentication).getUserIdentity();
        return null;
    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @return The resolved user Identity, which may be null if the 
+     * {@link Authentication} is not {@link Authentication.User} 
+     * (eg. {@link Authentication.Deferred}).
+     */
+    public UserIdentity getResolvedUserIdentity()
+    {
+        if (_authentication instanceof Authentication.User)
+            return ((Authentication.User)_authentication).getUserIdentity();
+        return null;
+    }
    
    /* ------------------------------------------------------------ */
    public UserIdentity.Scope getUserIdentityScope()
--- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHolder.java
+++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHolder.java
@ -513,7 +513,7 @@ public class ServletHolder extends Holder implements UserIdentity.Scope, Compara

            // Handle run as
            if (_identityService!=null)
-                old_run_as=_identityService.setRunAs(baseRequest.getUserIdentity(),_runAsToken);
+                old_run_as=_identityService.setRunAs(baseRequest.getResolvedUserIdentity(),_runAsToken);
            
            if (!isAsyncSupported())
                baseRequest.setAsyncSupported(false);