From: Mathieu Baudier <mbaudier@argeo.org>
Date: Wed, 7 Feb 2018 11:35:57 +0000 (+0100)
Subject: Make auth more robust
X-Git-Tag: argeo-commons-2.1.71~7
X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=faf5a48ce8b1d78fb812e0a525f8e20e84d690ad;p=lgpl%2Fargeo-commons.git

Make auth more robust
---

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index e6c63a4de..dde2d73f5 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -158,18 +158,19 @@ class CmsAuthUtils {
 				cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
 			}
 			// request.setAttribute(CmsSession.class.getName(), cmsSession);
-			CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
-			if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
-				subject.getPrivateCredentials().add(nodeSessionId);
-			else {
-				UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
-				// if (storedSessionId.equals(httpSessionId.getValue()))
-				throw new CmsException(
-						"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+			if (cmsSession != null) {
+				CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+				if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
+					subject.getPrivateCredentials().add(nodeSessionId);
+				else {
+					UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
+							.getUuid();
+					// if (storedSessionId.equals(httpSessionId.getValue()))
+					throw new CmsException(
+							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+				}
 			}
-		} else
-
-		{
+		} else {
 			// TODO desktop, CLI
 		}
 	}