X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FHttpSessionLoginModule.java;h=9d41cea6923a5666f4bfb89553b8cb96f2e9fa7d;hb=f73578bf6f1154b7a05c2996aa0e17e362e9c1bd;hp=9cf32974f536f62f50dc46b65f285cfde94a29eb;hpb=b45e59192a4bb34a6b38a9bfa416b3dc3f6b7892;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java index 9cf32974f..9d41cea69 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/HttpSessionLoginModule.java @@ -14,6 +14,7 @@ import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; @@ -68,7 +69,14 @@ public class HttpSessionLoginModule implements LoginModule { return false; authorization = (Authorization) request.getAttribute(HttpContext.AUTHORIZATION); if (authorization == null) {// search by session ID - String httpSessionId = request.getSession(false).getId(); + HttpSession httpSession = request.getSession(false); + if (httpSession == null) { + // TODO make sure this is always safe + if (log.isTraceEnabled()) + log.trace("Create http session"); + httpSession = request.getSession(true); + } + String httpSessionId = httpSession.getId(); // authorization = (Authorization) // request.getSession().getAttribute(HttpContext.AUTHORIZATION); // if (authorization == null) { @@ -111,7 +119,7 @@ public class HttpSessionLoginModule implements LoginModule { } if (authorization != null) { - CmsAuthUtils.addAuthorization(subject, authorization, request); + CmsAuthUtils.addAuthorization(subject, authorization, request.getLocale(), request); cleanUp(); return true; } else {