Add mechanism to indicate to FormAuthModule that a deferred authentication is being requested, but for a call to Request.getRemoteUser,

where there is no opportunity to issue a challenge.
2011-10-18 10:41:19 +11:00 · 2011-10-18 10:41:19 +11:00 · e8b8c659b0
parent 590d3442f2
commit e8b8c659b0
2 changed files with 13 additions and 3 deletions
--- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
+++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
@ -36,7 +36,9 @@ import javax.servlet.http.HttpSessionBindingListener;
 import org.eclipse.jetty.http.security.Constraint;
 import org.eclipse.jetty.http.security.Password;
 import org.eclipse.jetty.security.CrossContextPsuedoSession;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
 import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
+import org.eclipse.jetty.server.Authentication;
 import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.URIUtil;
 import org.eclipse.jetty.util.log.Log;
@ -207,9 +209,10 @@ public class FormAuthModule extends BaseAuthModule
                // that occur?
                return AuthStatus.SEND_FAILURE;
            }
+            
+            
            // Check if the session is already authenticated.
            FormCredential form_cred = (FormCredential) session.getAttribute(__J_AUTHENTICATED);
-
            if (form_cred != null)
            {
                System.err.println("Form cred: form.username="+form_cred._jUserName+" form.pwd="+new String(form_cred._jPassword));
@ -228,6 +231,13 @@ public class FormAuthModule extends BaseAuthModule
                    if (success) { return AuthStatus.SUCCESS; }
                }
            }
+            
+           
+
+            // if we can't send challenge
+            if (DeferredAuthentication.isDeferred(response))
+                return AuthStatus.SUCCESS; 
+            

            // redirect to login page  
            StringBuffer buf = request.getRequestURL();
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
@ -167,7 +167,7 @@ public class DeferredAuthentication implements Authentication.Deferred
     * @param response
     * @return true if this response is from a deferred call to {@link #authenticate(ServletRequest)}
     */
-    public boolean isDeferred(HttpServletResponse response)
+    public static boolean isDeferred(HttpServletResponse response)
    {
        return response==__deferredResponse;
    }
@ -175,7 +175,7 @@ public class DeferredAuthentication implements Authentication.Deferred
    /* ------------------------------------------------------------ */
    /* ------------------------------------------------------------ */
    /* ------------------------------------------------------------ */
-    static HttpServletResponse __deferredResponse = new HttpServletResponse()
+    final static HttpServletResponse __deferredResponse = new HttpServletResponse()
    {
        public void addCookie(Cookie cookie)
        {