Skip to content

Commit

Permalink
Refactor StandardSecurityManager to make configuration of security co…
Browse files Browse the repository at this point in the history
…nstraints simpler
  • Loading branch information
wagnert committed May 11, 2018
1 parent 7a4c79b commit 24fa8c9
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 14 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,13 @@
Version 1.1.5-beta9

## Bugfixes

* None

## Features

* Refactor StandardSecurityManager to make configuration of security constraints simpler

Version 1.1.5-beta8

## Bugfixes
Expand Down
2 changes: 1 addition & 1 deletion build.default.properties
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
;--------------------------------------------------------------------------------

; ---- Module Release Settings --------------------------------------------------
release.version = 1.1.5-beta8
release.version = 1.1.5-beta9
release.name = Iron Knight

; ---- PHPCPD Settings ----------------------------------------------------------
Expand Down
1 change: 0 additions & 1 deletion src/AppserverIo/Appserver/ServletEngine/Security/Realm.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
use AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface;
use AppserverIo\Appserver\Naming\Utils\NamingDirectoryKeys;
use AppserverIo\Appserver\ServletEngine\Security\Utils\Util;
use AppserverIo\Appserver\Core\Api\Node\SecurityDomainNodeInterface;
use AppserverIo\Appserver\ServletEngine\Security\Auth\Callback\SecurityAssociationHandler;
use AppserverIo\Psr\Security\Auth\Login\SecurityDomainConfigurationInterface;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ public function handleRequest(HttpServletRequestInterface $servletRequest, HttpS
// this resource has to be omitted
$authenticated = false;

} elseif (in_array($servletRequest->getMethod(), $mapping->getHttpMethods())) {
} elseif (in_array($servletRequest->getMethod(), $mapping->getHttpMethods()) || sizeof($mapping->getHttpMethods()) === 0) {
// load the authentication method and authenticate the request
$authenticator = $this->getAuthenticator($mapping);

Expand Down Expand Up @@ -244,19 +244,18 @@ public function handleRequest(HttpServletRequestInterface $servletRequest, HttpS
throw new SecurityException(sprintf('User doesn\'t have necessary privileges for resource %s', $servletRequest->getUri()), 403);
}
}
}

} else {
// load the session
if ($session = $servletRequest->getSession(true)) {
// start it, if not already done
if ($session->isStarted() === false) {
$session->start();
}
// load the session
if ($session = $servletRequest->getSession(true)) {
// start it, if not already done
if ($session->isStarted() === false) {
$session->start();
}

// and query whether or not the session contains a user principal
if ($session->hasKey(Constants::PRINCIPAL)) {
$servletRequest->setUserPrincipal($session->getData(Constants::PRINCIPAL));
}
// and query whether or not the session contains a user principal
if ($session->hasKey(Constants::PRINCIPAL)) {
$servletRequest->setUserPrincipal($session->getData(Constants::PRINCIPAL));
}
}

Expand Down

0 comments on commit 24fa8c9

Please sign in to comment.