Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Wilkins2012-08-19 20:21:07 -0400
committerGreg Wilkins2012-08-19 20:21:07 -0400
commit1d89bef7a25626f97b306c1a1b61297dd20e5be8 (patch)
tree22fee3f6455e949cfcc5be4ccd4ea4415eb7f1c1 /jetty-security/src
parent4f30fb17a61b223e90d02efe2bfa03cc9e37efac (diff)
downloadorg.eclipse.jetty.project-1d89bef7a25626f97b306c1a1b61297dd20e5be8.tar.gz
org.eclipse.jetty.project-1d89bef7a25626f97b306c1a1b61297dd20e5be8.tar.xz
org.eclipse.jetty.project-1d89bef7a25626f97b306c1a1b61297dd20e5be8.zip
jetty-9 fixed context restart for constraint test
Diffstat (limited to 'jetty-security/src')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java4
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java19
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java44
3 files changed, 20 insertions, 47 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index ebd441616b..d323fce2a7 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -236,10 +236,8 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
@Override
protected void doStop() throws Exception
{
- _constraintMap.clear();
- _constraintMappings.clear();
- _roles.clear();
super.doStop();
+ _constraintMap.clear();
}
protected void processConstraintMapping(ConstraintMapping mapping)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index aefd171814..e5d033ae0f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -74,17 +74,20 @@ public abstract class LoginAuthenticator implements Authenticator
{
HttpSession httpSession = request.getSession(false);
- synchronized (httpSession)
+ if (_renewSession && httpSession!=null)
{
- //if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
- //(indicated by SESSION_SECURED not being set on the session) then we should change id
- if (_renewSession && httpSession!=null && httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ synchronized (httpSession)
{
- HttpSession newSession = AbstractSessionManager.renewSession(request, httpSession,true);
- LOG.debug("renew {}->{}",httpSession.getId(),newSession.getId());
- httpSession=newSession;
+ //if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
+ //(indicated by SESSION_SECURED not being set on the session) then we should change id
+ if (httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ {
+ HttpSession newSession = AbstractSessionManager.renewSession(request, httpSession,true);
+ LOG.debug("renew {}->{}",httpSession.getId(),newSession.getId());
+ httpSession=newSession;
+ }
}
- return httpSession;
}
+ return httpSession;
}
}
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index 973fbf0f01..df47eaeeab 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -305,10 +305,6 @@ public class ConstraintTest
@Test
public void testFormRedirect() throws Exception
{
- Log.getLogger(SecurityHandler.class).setDebugEnabled(true);
- Log.getLogger(LoginAuthenticator.class).setDebugEnabled(true);
- Log.getLogger(FormAuthenticator.class).setDebugEnabled(true);
-
_security.setAuthenticator(new FormAuthenticator("/testLoginPage","/testErrorPage",false));
_security.setStrict(false);
_server.start();
@@ -783,9 +779,8 @@ public class ConstraintTest
_security.setHandler(check);
_security.setAuthenticator(new BasicAuthenticator());
_security.setStrict(false);
- _server.start();
- System.out.println(_server.dump());
+ _server.start();
String response;
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n", 100000, TimeUnit.MILLISECONDS);
@@ -798,40 +793,12 @@ public class ConstraintTest
_server.stop();
- /*
- * FIXME: this seems to indicate there is an issue with the way the server is stopping and starting now
- *
- * Note that ConstraintSecurityHandler loses all of its brains when the server starts and stops, but that
- * change was made in 2/2011 and this wasn't exposed til now, which seems to indicate that previously
- * when the server stopped that doStop() didn't make it down to the constraint handler...and now it does.
- *
- * also, seems to be an issue in local connector, I had to add a new one for it to be able to work here as well
- * so issues in stop/start there as well
- */
-
- _connector = new LocalConnector(_server);
- _server.setConnectors(new Connector[]{_connector});
- ContextHandler _context = new ContextHandler();
- SessionHandler _session = new SessionHandler();
-
- _context.setContextPath("/ctx");
- _server.setHandler(_context);
- _context.setHandler(_session);
-
- _security = new ConstraintSecurityHandler();
- _session.setHandler(_security);
- RequestHandler _handler = new RequestHandler();
- _security.setHandler(_handler);
-
RoleRefHandler roleref = new RoleRefHandler();
+ roleref.setHandler(_security.getHandler());
_security.setHandler(roleref);
roleref.setHandler(check);
-
- _security.setConstraintMappings(getConstraintMappings(),getKnownRoles());
-
- _server.start();
- System.out.println(_server.dump());
+ _server.start();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
@@ -885,6 +852,7 @@ public class ConstraintTest
}
private class RequestHandler extends AbstractHandler
{
+ @Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
{
baseRequest.setHandled(true);
@@ -916,16 +884,19 @@ public class ConstraintTest
UserIdentity.Scope scope = new UserIdentity.Scope()
{
+ @Override
public String getContextPath()
{
return "/";
}
+ @Override
public String getName()
{
return "someServlet";
}
+ @Override
public Map<String, String> getRoleRefMap()
{
Map<String, String> map = new HashMap<>();
@@ -949,6 +920,7 @@ public class ConstraintTest
private class RoleCheckHandler extends AbstractHandler
{
+ @Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
{
((Request) request).setHandled(true);

Back to the top