From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 11 Apr 2017 06:33:29 +0000 (+0200)
Subject: Fix regression with http session not created for remoting.
X-Git-Tag: argeo-commons-2.1.68~6
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=6a36b92e68c51061ae83ccb2980abe437cfb4b99;p=lgpl%2Fargeo-commons.git

Fix regression with http session not created for remoting.
---

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
index dd01e4b53..9d41cea69 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java
@@ -14,6 +14,7 @@ import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@@ -68,7 +69,14 @@ public class HttpSessionLoginModule implements LoginModule {
 			return false;
 		authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
 		if (authorization == null) {// search by session ID
-			String httpSessionId = request.getSession(false).getId();
+			HttpSession httpSession = request.getSession(false);
+			if (httpSession == null) {
+				// TODO make sure this is always safe
+				if (log.isTraceEnabled())
+					log.trace("Create http session");
+				httpSession = request.getSession(true);
+			}
+			String httpSessionId = httpSession.getId();
 			// authorization = (Authorization)
 			// request.getSession().getAttribute(HttpContext.AUTHORIZATION);
 			// if (authorization == null) {