Make auth more robust

author Mathieu Baudier <mbaudier@argeo.org>

Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)

committer Mathieu Baudier <mbaudier@argeo.org>

Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)
author Mathieu Baudier <mbaudier@argeo.org>
Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)
committer Mathieu Baudier <mbaudier@argeo.org>
Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java

index e6c63a4de030edfed46be5a206b05643dd0e588d..dde2d73f50efffa23f6267d454e9b9c24f75de76 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -158,18 +158,19 @@ class CmsAuthUtils {
                                 cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
                         }
                         // request.setAttribute(CmsSession.class.getName(), cmsSession);
-                       CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
-                       if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
-                               subject.getPrivateCredentials().add(nodeSessionId);
-                       else {
-                               UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
-                               // if (storedSessionId.equals(httpSessionId.getValue()))
-                               throw new CmsException(
-                                               "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+                       if (cmsSession != null) {
+                               CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+                               if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
+                                       subject.getPrivateCredentials().add(nodeSessionId);
+                               else {
+                                       UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
+                                                       .getUuid();
+                                       // if (storedSessionId.equals(httpSessionId.getValue()))
+                                       throw new CmsException(
+                                                       "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+                               }
                         }
-               } else
-
-               {
+               } else {
                         // TODO desktop, CLI
                 }
         }
author	Mathieu Baudier <mbaudier@argeo.org>
	Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)
committer	Mathieu Baudier <mbaudier@argeo.org>
	Wed, 7 Feb 2018 11:35:57 +0000 (12:35 +0100)