improve security of administration context

Sebastian Sdorra
2012-10-06 18:35:09 +02:00
parent 7f5f34eddc
commit e89195f6db


@@ -117,13 +117,15 @@ public class DefaultAdministrationContext implements AdministrationContext
Subject subject = SecurityUtils.getSubject();
String principal = (String) subject.getPrincipal();
if (logger.isInfoEnabled())
{
String username = null;
if (subject.isAuthenticated())
{
username = subject.getPrincipal().toString();
username = principal;
}
else
{
@@ -150,6 +152,13 @@ public class DefaultAdministrationContext implements AdministrationContext
logger.debug("release runas for user {}",
collection.getPrimaryPrincipal());
}
if (!subject.getPrincipal().equals(principal))
{
logger.error("release runas failed, {} is not equal with {}, logout.",
subject.getPrincipal(), principal);
subject.logout();
}
}
}
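Review bot: The new check `subject.getPrincipal().equals(principal)` in the second hunk dereferences the current principal without a null guard, while the first hunk's `else` branch for an unauthenticated subject suggests the principal can be absent. If it is null at that point, the release path throws a NullPointerException before the mismatch is logged and `subject.logout()` runs, so the fail-closed step this commit adds is skipped. A null-safe comparison such as `if (principal == null ? subject.getPrincipal() != null : !principal.equals(subject.getPrincipal()))` keeps the logout reachable. The `(String) subject.getPrincipal()` cast in the first hunk appears to replace a `toString()` call and would throw a ClassCastException if a realm ever supplies a non-String principal; `String.valueOf(...)` or an `instanceof` check would be safer. The enclosing method bodies start and end outside the visible hunks, so whether the release code runs in a `finally` block cannot be confirmed from here.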