From 37bce89b8ffbd426fefdfa4add2a665c98bfac7f Mon Sep 17 00:00:00 2001
From: Jan Bartel
Date: Tue, 22 May 2012 13:13:10 +0200
Subject: 379909 FormAuthenticator Rembers only the URL of first Request before
 authentication

---
 .../security/authentication/FormAuthenticator.java | 27 +++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

(limited to 'jetty-security/src/main/java')

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index c21768fde1..dcd91498f3 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -77,6 +77,7 @@ public class FormAuthenticator extends LoginAuthenticator
     private String _formLoginPage;
     private String _formLoginPath;
     private boolean _dispatch;
+    private boolean _alwaysSaveUri;
 
     public FormAuthenticator()
     {
@@ -93,6 +94,26 @@ public class FormAuthenticator extends LoginAuthenticator
         _dispatch=dispatch;
     }
     
+    /* ------------------------------------------------------------ */
+    /**
+     * If true, uris that cause a redirect to a login page will always
+     * be remembered. If false, only the first uri that leads to a login
+     * page redirect is remembered.
+     * See https://bugs.eclipse.org/bugs/show_bug.cgi?id=379909
+     * @param alwaysSave
+     */
+    public void setAlwaysSaveUri (boolean alwaysSave)
+    {
+        _alwaysSaveUri = alwaysSave;
+    }
+    
+    
+    /* ------------------------------------------------------------ */
+    public boolean getAlwaysSaveUri ()
+    {
+        return _alwaysSaveUri;
+    }
+    
     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
@@ -279,9 +300,9 @@ public class FormAuthenticator extends LoginAuthenticator
             // remember the current URI
             synchronized (session)
             {
-                // But only if it is not set already
-                if (session.getAttribute(__J_URI)==null)
-                {
+                // But only if it is not set already, or we save every uri that leads to a login form redirect
+                if (session.getAttribute(__J_URI)==null || _alwaysSaveUri)
+                {  
                     StringBuffer buf = request.getRequestURL();
                     if (request.getQueryString() != null)
                         buf.append("?").append(request.getQueryString());
-- 
cgit v1.2.3