Hi,
Unless I'm missing something, I believe Guard.doHandle should
be changed from:
public void doHandle(Request request, Response response) {
switch (authenticate(request)) {
case 1:
// Valid credentials provided
if (authorize(request)) {
accept(request, response);
} else {
forbid(response);
}
break;
case 0:
// No credentials provided
challenge(response);
break;
case -1:
// Wrong credentials provided
forbid(response);
break;
}
}
to:
public void doHandle(Request request, Response response) {
switch (authenticate(request)) {
case 1:
// Valid credentials provided
accept(request, response);
break;
case 0:
// No credentials provided
challenge(response);
break;
case -1:
// Wrong credentials provided
forbid(response);
break;
}
}
Otherwise, authenticate ends up being called twice (once in the switch
statement) and once by authorize() in the case statement.
-Vincent.
