svn commit: r768397 - /incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java

Fri, 24 Apr 2009 12:05:40 -0700 

Author: fmeschbe
Date: Fri Apr 24 18:58:36 2009
New Revision: 768397

URL: http://svn.apache.org/viewvc?rev=768397&view=rev
Log:
SLING-939 Catch new NoAuthenticationHandlerException and log a message
before falling back to sending 403/FORBIDDEN

Modified:
    
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java

Modified: 
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java?rev=768397&r1=768396&r2=768397&view=diff
==============================================================================
--- 
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
 (original)
+++ 
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
 Fri Apr 24 18:58:36 2009
@@ -26,6 +26,7 @@
 import org.apache.sling.api.SlingHttpServletResponse;
 import org.apache.sling.api.servlets.SlingAllMethodsServlet;
 import org.apache.sling.engine.auth.Authenticator;
+import org.apache.sling.engine.auth.NoAuthenticationHandlerException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,12 +54,21 @@
 
         Authenticator authenticator = this.authenticator;
         if (authenticator != null) {
-            authenticator.login(request, response);
+            try {
+                authenticator.login(request, response);
+                return;
+            } catch (IllegalStateException ise) {
+                log.error("doGet: Response already committed, cannot login");
+                return;
+            } catch (NoAuthenticationHandlerException nahe) {
+                log.error("doGet: No AuthenticationHandler to login 
registered");
+            }
         } else {
             log.error("doGet: Authenticator service missing, cannot request 
authentication");
-            response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                "Cannot request Authentication");
         }
+
+        // fall back to forbid access
+        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Cannot login");
     }
 
     @Override

Reply via email to