From 1b019f2d114b158676b8fa4acc0e2f1c06beeac2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 14 Apr 2015 16:57:59 +0200
Subject: fix problem with Authenticated sessions

---
 .../configuration/filter/AuthenticationFilter.java | 26 +++++++++++-----------
 1 file changed, 13 insertions(+), 13 deletions(-)

(limited to 'id/ConfigWebTool/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index d13696d51..8ddeb9ebc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -134,21 +134,20 @@ public class AuthenticationFilter implements Filter{
         
 		log.trace("Request URL: " + requestURL);
 		
-		AuthenticationManager authManager = AuthenticationManager.getInstance();
-		if (!authManager.isActiveUser(authuser)) {
-			//user is not active anymore. Invalidate session and reauthenticate user
-			String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
-			session.invalidate();
-			authuser = null;
+		AuthenticationManager authManager = AuthenticationManager.getInstance();				
+		if (!authManager.isActiveUser(authuser) && !this.isExcluded(requestURL)) {			
+			if (!this.isExcluded(requestURL)) {
+				//user is not active anymore. Invalidate session and reauthenticate user
+				String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+				session.invalidate();
+				authuser = null;
 			
-			//TODO: set infotext
-			
-			session = httpServletRequest.getSession(true);
-			session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
-		}
-				
-		if (authuser == null && !this.isExcluded(requestURL)) {
+				//TODO: set infotext
 			
+				session = httpServletRequest.getSession(true);
+				session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+			}
+						
 			if (config.isLoginDeaktivated()) {
 				//add dummy Daten
 				log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
@@ -178,6 +177,7 @@ public class AuthenticationFilter implements Filter{
 	              }
 				
 			} else {
+												
 	            if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
 	                log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
 	                
-- 
cgit v1.2.3