2 Replies Latest reply on Jun 6, 2006 1:11 PM by j2ee_junkie

    org.jboss.web.tomcat.security.FormAuthenticator.matchRequest

    drpizza
    drpizza May 30, 2006 9:42 AM

       

       protected boolean matchRequest(Request request) {

 // Has a session been created?
 Session session = request.getSessionInternal(false);
 if (session == null)
 return (false);

 // Is there a saved request?
 SavedRequest sreq = (SavedRequest)
 session.getNote(Constants.FORM_REQUEST_NOTE);
 if (sreq == null)
 return (false);

 // Is there a saved principal?
 if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
 return (false);

 // Does the request URI match?
 String requestURI = request.getRequestURI();
 if (requestURI == null)
 return (false);
 return (requestURI.equals(request.getRequestURI()));

 }

      surely should be 
       protected boolean matchRequest(Request request) {

 // Has a session been created?
 Session session = request.getSessionInternal(false);
 if (session == null)
 return (false);

 // Is there a saved request?
 SavedRequest sreq = (SavedRequest)
 session.getNote(Constants.FORM_REQUEST_NOTE);
 if (sreq == null)
 return (false);

 // Is there a saved principal?
 if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
 return (false);

 // Does the request URI match?
 String requestURI = request.getRequestURI();
 if (requestURI == null)
 return (false);
 return (requestURI.equals(sreq.getRequestURI()));

 }

      since as things stand they'll always match because the string is being compared to itself.

      • 14229 Views
      • Tags: