improve security

2025-11-18 03:01:05 +01:00 · 2010-10-15 17:58:16 +02:00
parent e891d762fb
commit d0825b25c8
9 changed files with 469 additions and 101 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/security/DemoAuthenticator.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DemoAuthenticator.java
@@ -14,7 +14,7 @@ import sonia.scm.User;
 //~--- JDK imports ------------------------------------------------------------

 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpServletResponse;

 /**
 *
@@ -42,13 +42,15 @@ public class DemoAuthenticator implements Authenticator
   *
   *
   * @param request
+   * @param response
   * @param username
   * @param password
   *
   * @return
   */
  @Override
-  public User authenticate(HttpServletRequest request, String username,
+  public User authenticate(HttpServletRequest request,
+                           HttpServletResponse response, String username,
                           String password)
  {
    User user = null;
@@ -56,34 +58,6 @@ public class DemoAuthenticator implements Authenticator
    if (DEMO_USERNAME.equals(username) && DEMO_PASSWORD.equals(password))
    {
      user = new User(username, DEMO_DISPLAYNAME, DEMO_MAIL);
-
-      HttpSession session = request.getSession(true);
-
-      session.setAttribute(DemoAuthenticator.class.getName(), user);
-    }
-
-    return user;
-  }
-
-  //~--- get methods ----------------------------------------------------------
-
-  /**
-   * Method description
-   *
-   *
-   * @param request
-   *
-   * @return
-   */
-  @Override
-  public User getUser(HttpServletRequest request)
-  {
-    User user = null;
-    HttpSession session = request.getSession();
-
-    if (session != null)
-    {
-      user = (User) session.getAttribute(DemoAuthenticator.class.getName());
    }

    return user;