From b2fd3aad26de8f784253bd07c9cd5652513cbb9c Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Wed, 8 Aug 2012 10:36:42 +1000
Subject: 386714 used deferred auth for form login and error pages

---
 .../org/eclipse/jetty/security/authentication/FormAuthenticator.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'jetty-security/src')

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index 17fbdc3f56..7acb1eff2d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -188,8 +188,8 @@ public class FormAuthenticator extends LoginAuthenticator
         if (!mandatory)
             return _deferred;
         
-        if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())))
-            return Authentication.NOT_CHECKED;
+        if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response))
+            return _deferred;
             
         HttpSession session = request.getSession(true);
             
-- 
cgit v1.2.3