From 166932e8beec546c71d7c4e9b8d5148ee330d2b9 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Mon, 10 Apr 2017 13:28:44 +0200
Subject: [PATCH] Fix issue with multiple CMS session being registered.
---
 org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 6fa7bd2a1..65ccbd6ab 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -117,10 +117,13 @@ class CmsAuthUtils {
 // subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
 }
- private static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
+ private synchronized static void registerSessionAuthorization(HttpServletRequest request, Subject subject,
 Authorization authorization, Locale locale) {
+ // synchronized in order to avoid multiple registrations
+ // TODO move it to a service in order to avoid static synchronization
 if (request != null) {
 HttpSession httpSession = request.getSession(false);
+ assert httpSession != null;
 String httpSessId = httpSession.getId();
 String remoteUser = authorization.getName() != null ? authorization.getName() : NodeConstants.ROLE_ANONYMOUS;
@@ -131,7 +134,6 @@ class CmsAuthUtils {
 if (cmsSession != null) {
 if (authorization.getName() != null) {
 if (cmsSession.getAuthorization().getName() == null) {
- // FIXME make it more generic
 cmsSession.close();
 cmsSession = null;
 } else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
@@ -140,8 +142,8 @@ class CmsAuthUtils {
 }
 } else {// anonymous
 if (cmsSession.getAuthorization().getName() != null) {
- // FIXME make it more generic
 cmsSession.close();
+ // TODO rather throw an exception ? log a warning ?
 cmsSession = null;
 }
 }
-- 
2.30.2
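Review bot: The added `assert httpSession != null;` in the first hunk does not protect the following `httpSession.getId()` call in production, because Java assertions are disabled unless the JVM runs with `-ea`, and `request.getSession(false)` returns null whenever the request carries no session. In an authentication path this should be an explicit check, for example `if (httpSession == null) throw new IllegalStateException("No HTTP session available to register the authorization");`, or whatever failure type the callers already handle (they are not visible here). Separately, the modifiers read more conventionally as `private static synchronized`, and the class-wide lock only prevents duplicate registrations if every code path that looks up or creates a CMS session goes through this method, which the hunk cannot confirm. The method body continues outside the hunk.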
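Review bot: In the anonymous branch of the third hunk, an already authenticated CMS session is closed and dropped without leaving any trace, and the new TODO leaves the choice between an exception and a warning open. An anonymous authorization arriving on an HTTP session that is bound to a named user is worth recording for later investigation, so at minimum log it at warning level with the previous user name, and keep the raw HTTP session id out of the message. Something like `log.warn("Anonymous authorization replaces session of " + cmsSession.getAuthorization().getName());` before `cmsSession.close();` would do, assuming the class has a logger (none is visible in the hunk). The enclosing method starts and ends outside this hunk.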