fix(system): stabilise Spring Security authentication
tadayosi committed Nov 28, 2023
1 parent 9413ff8 commit 8b3a057
Showing 3 changed files with 13 additions and 5 deletions.
@@ -48,7 +48,7 @@ public void doFilter(final ServletRequest request, final ServletResponse respons

LOG.debug("Handling request for path: {}", path);

if (authConfiguration.getRealm() == null || authConfiguration.getRealm().equals("") || !authConfiguration.isEnabled()) {
if (authConfiguration.getRealm() == null || authConfiguration.getRealm().isEmpty() || !authConfiguration.isEnabled()) {
LOG.debug("No authentication needed for path: {}", path);
chain.doFilter(request, response);
return;
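Review bot: The condition on the changed line lets a request through unauthenticated when the realm is null or empty even if `authConfiguration.isEnabled()` is true, and the only trace is a DEBUG message saying no authentication is needed. If that fail-open behaviour is intended, a comment above the `if` such as `// An unset realm disables authentication even when it is enabled` would make it explicit. If it is not intended, an empty realm with authentication enabled looks like a misconfiguration that is better reported once at start-up than passed over per request. doFilter starts and ends outside this hunk, so where such a start-up check belongs cannot be judged from here.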
@@ -2,6 +2,7 @@

import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serial;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
@@ -26,6 +27,7 @@
*/
public class LoginServlet extends HttpServlet {

@Serial
private static final long serialVersionUID = 187076436862364207L;

private static final Logger LOG = LoggerFactory.getLogger(LoginServlet.class);
14 changes: 10 additions & 4 deletions hawtio-system/src/main/java/io/hawt/web/auth/UserServlet.java
@@ -1,6 +1,7 @@
package io.hawt.web.auth;

import java.io.IOException;
import java.io.Serial;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
@@ -16,6 +17,7 @@
*/
public class UserServlet extends HttpServlet {

@Serial
private static final long serialVersionUID = -1239510748236245667L;
private static final String DEFAULT_USER = "public";

@@ -58,11 +60,15 @@ private String wrapQuote(String str) {

protected String getUsername(HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession(false);

if (session != null) {
return (String) session.getAttribute("user");
} else {
if (session == null) {
return null;
}

// For Spring Security
if (AuthSessionHelpers.isSpringSecurityEnabled()) {
return request.getRemoteUser();
}

return (String) session.getAttribute("user");
}
}
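Review bot: In getUsername the Spring Security branch is reached only after the `session == null` early return, so a request that Spring Security has authenticated without an HTTP session (a stateless configuration, for instance) would presumably still be reported as having no user. If `getRemoteUser()` does not depend on the session, the check could go first: `if (AuthSessionHelpers.isSpringSecurityEnabled()) { return request.getRemoteUser(); }` ahead of `request.getSession(false)`. `getRemoteUser()` also returns null for an unauthenticated request that does have a session, and the callers are outside this hunk, so whether they handle null the same way as the no-session case should be confirmed. The `// For Spring Security` comment would be more useful if it said why the container-reported principal replaces the session's `"user"` attribute in that mode.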
