// Standard
final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
final static String SHARED_STATE_PWD = AuthenticatingUser.SHARED_STATE_PWD;
- final static String HEADER_AUTHORIZATION = "Authorization";
- final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+// final static String HEADER_AUTHORIZATION = "Authorization";
+// final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
// Argeo specific
final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
// TODO move it to a service in order to avoid static synchronization
if (request != null) {
RemoteAuthSession httpSession = request.getSession();
- assert httpSession != null;
- String httpSessId = httpSession.getId();
+ String httpSessId = httpSession != null ? httpSession.getId() : null;
boolean anonymous = authorization.getName() == null;
String remoteUser = !anonymous ? authorization.getName() : CmsConstants.ROLE_ANONYMOUS;
request.setAttribute(RemoteAuthRequest.REMOTE_USER, remoteUser);