2 Replies Latest reply on Jun 6, 2006 1:11 PM by chris griffith

    org.jboss.web.tomcat.security.FormAuthenticator.matchRequest

    drpizza Newbie

       

       protected boolean matchRequest(Request request) {
      
       // Has a session been created?
       Session session = request.getSessionInternal(false);
       if (session == null)
       return (false);
      
       // Is there a saved request?
       SavedRequest sreq = (SavedRequest)
       session.getNote(Constants.FORM_REQUEST_NOTE);
       if (sreq == null)
       return (false);
      
       // Is there a saved principal?
       if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
       return (false);
      
       // Does the request URI match?
       String requestURI = request.getRequestURI();
       if (requestURI == null)
       return (false);
       return (requestURI.equals(request.getRequestURI()));
      
       }
      

      surely should be
       protected boolean matchRequest(Request request) {
      
       // Has a session been created?
       Session session = request.getSessionInternal(false);
       if (session == null)
       return (false);
      
       // Is there a saved request?
       SavedRequest sreq = (SavedRequest)
       session.getNote(Constants.FORM_REQUEST_NOTE);
       if (sreq == null)
       return (false);
      
       // Is there a saved principal?
       if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
       return (false);
      
       // Does the request URI match?
       String requestURI = request.getRequestURI();
       if (requestURI == null)
       return (false);
       return (requestURI.equals(sreq.getRequestURI()));
      
       }
      

      since as things stand they'll always match because the string is being compared to itself.