Fix regression with http session not created for remoting.
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 11 Apr 2017 06:33:29 +0000 (08:33 +0200)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 11 Apr 2017 06:33:29 +0000 (08:33 +0200)
org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java

index dd01e4b53d50e2653486b2b49a32cc85d0edd4bd..9d41cea6923a5666f4bfb89553b8cb96f2e9fa7d 100644 (file)
@@ -14,6 +14,7 @@ import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@@ -68,7 +69,14 @@ public class HttpSessionLoginModule implements LoginModule {
                        return false;
                authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION);
                if (authorization == null) {// search by session ID
-                       String httpSessionId = request.getSession(false).getId();
+                       HttpSession httpSession = request.getSession(false);
+                       if (httpSession == null) {
+                               // TODO make sure this is always safe
+                               if (log.isTraceEnabled())
+                                       log.trace("Create http session");
+                               httpSession = request.getSession(true);
+                       }
+                       String httpSessionId = httpSession.getId();
                        // authorization = (Authorization)
                        // request.getSession().getAttribute(HttpContext.AUTHORIZATION);
                        // if (authorization == null) {
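Review bot: The `request.getSession(true)` fallback added under `if (httpSession == null)` allocates a container session for a request that has not been authenticated yet, and the `// TODO make sure this is always safe` next to it leaves that question open. Any client that reaches this login module without a session now gets server-side session state, so unauthenticated traffic can grow the session store, and the id issued before login stays valid afterwards unless something outside this hunk rotates it. I would replace the TODO with a comment stating when creation is expected, for example `// remoting clients arrive without a session; created pre-authentication, must be rotated on success and invalidated on failure`, and, if the container provides Servlet 3.1, call `request.changeSessionId()` once login succeeds. The enclosing method starts and ends outside the hunk, so whether a later step already invalidates the session on a failed login cannot be checked from here.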