(Scott Phillips) Added protection against NPEs during authentication.

git-svn-id: http://scm.dspace.org/svn/repo/branches/dspace-1_5_x@2851 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Scott Phillips
2008-03-18 05:26:07 +00:00
parent e5c8802032
commit d72aafe3e4
3 changed files with 53 additions and 42 deletions


@@ -145,11 +145,15 @@ public class LDAPAuthentication
{ {
log.info(LogManager.getHeader(context, "auth", "attempting trivial auth of user="+netid)); log.info(LogManager.getHeader(context, "auth", "attempting trivial auth of user="+netid));
// Skip out when no netid or password is given.
if (netid == null || password == null)
return BAD_ARGS;
// Locate the eperson // Locate the eperson
EPerson eperson = null; EPerson eperson = null;
try try
{ {
eperson = EPerson.findByNetid(context, netid.toLowerCase()); eperson = EPerson.findByNetid(context, netid.toLowerCase());
} }
catch (SQLException e) catch (SQLException e)
{ {
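Review bot: The new guard `if (netid == null || password == null) return BAD_ARGS;` rejects only absent parameters; an empty string still passes through, and if the code that follows binds to the directory with the supplied password (the bind itself is outside this hunk), an empty password should be rejected as well, because directory servers commonly treat a bind with an empty password as an unauthenticated bind that succeeds without verifying the caller. Suggest `if (netid == null || password == null || netid.length() == 0 || password.length() == 0) return BAD_ARGS;` so the trivial-auth path never reaches the bind with blank credentials. The same null-only check is added in the AuthenticateAction and LDAPAuthenticateAction hunks, where a submitted login form with blank fields yields empty strings rather than null, so the guard there protects mostly against requests missing the parameter altogether. The enclosing authenticate method starts and ends outside this hunk.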


@@ -97,49 +97,53 @@ public class AuthenticateAction extends AbstractAction
String password = request.getParameter("login_password"); String password = request.getParameter("login_password");
String realm = request.getParameter("login_realm"); String realm = request.getParameter("login_realm");
try // Skip out if no email or password is given.
{ if (email == null || password == null)
Context context = AuthenticationUtil.Authenticate(objectModel, email,password, realm); return null;
try
{
Context context = AuthenticationUtil.Authenticate(objectModel, email,password, realm);
EPerson eperson = context.getCurrentUser(); EPerson eperson = context.getCurrentUser();
if (eperson != null) if (eperson != null)
{
// The user has successfully logged in
String redirectURL = request.getContextPath();
if (AuthenticationUtil.isInterupptedRequest(objectModel))
{
// Resume the request and set the redirect target URL to
// that of the originaly interrupted request.
redirectURL += AuthenticationUtil.resumeInterruptedRequest(objectModel);
}
else
{
// Otherwise direct the user to the login page
String loginRedirect = ConfigurationManager.getProperty("xmlui.user.loginredirect");
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "";
}
// Authentication successfull send a redirect.
final HttpServletResponse httpResponse = (HttpServletResponse) objectModel.get(HttpEnvironment.HTTP_RESPONSE_OBJECT);
httpResponse.sendRedirect(redirectURL);
// log the user out for the rest of this current request, however they will be reauthenticated
// fully when they come back from the redirect. This prevents caching problems where part of the
// request is preformed fore the user was authenticated and the other half after it succedded. This
// way the user is fully authenticated from the start of the request.
context.setCurrentUser(null);
return new HashMap();
}
}
catch (SQLException sqle)
{ {
throw new PatternException("Unable to preform authentication", // The user has successfully logged in
sqle); String redirectURL = request.getContextPath();
if (AuthenticationUtil.isInterupptedRequest(objectModel))
{
// Resume the request and set the redirect target URL to
// that of the originaly interrupted request.
redirectURL += AuthenticationUtil.resumeInterruptedRequest(objectModel);
}
else
{
// Otherwise direct the user to the login page
String loginRedirect = ConfigurationManager.getProperty("xmlui.user.loginredirect");
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "";
}
// Authentication successfull send a redirect.
final HttpServletResponse httpResponse = (HttpServletResponse) objectModel.get(HttpEnvironment.HTTP_RESPONSE_OBJECT);
httpResponse.sendRedirect(redirectURL);
// log the user out for the rest of this current request, however they will be reauthenticated
// fully when they come back from the redirect. This prevents caching problems where part of the
// request is preformed fore the user was authenticated and the other half after it succedded. This
// way the user is fully authenticated from the start of the request.
context.setCurrentUser(null);
return new HashMap();
} }
}
catch (SQLException sqle)
{
throw new PatternException("Unable to preform authentication",
sqle);
}
return null; return null;
} }
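Review bot: The added `if (email == null || password == null) return null;` is the only unbraced conditional in a method that braces every other block, including the single-statement `if (eperson != null)`; for consistency with the surrounding code write it as `if (email == null || password == null) { return null; }`. The early return also leaves no trace: it falls out the same way as the final `return null;` after a failed `Authenticate` call, so a malformed request and bad credentials look identical to the caller and in the logs, which is acceptable if intended, but a debug-level log line here would help when diagnosing login problems, assuming this class has a logger (none is visible in the hunk). The enclosing act method starts outside this hunk.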


@@ -92,9 +92,12 @@ public class LDAPAuthenticateAction extends AbstractAction {
String password = request.getParameter("ldap_password"); String password = request.getParameter("ldap_password");
String realm = request.getParameter("login_realm"); String realm = request.getParameter("login_realm");
// Skip out of no name or password given.
if (username == null || password == null)
return null;
try { try {
Context context = AuthenticationUtil.Authenticate(objectModel, Context context = AuthenticationUtil.Authenticate(objectModel,username, password, realm);
username, password, realm);
EPerson eperson = context.getCurrentUser(); EPerson eperson = context.getCurrentUser();