PL-5085 Single sign-on for CUBA applications - guard for invalidated sessions

Yuriy Artamonov 2016-09-30 17:51:10 +04:00
parent 168dce228b
commit f467d33440


@ -43,10 +43,7 @@ import org.slf4j.LoggerFactory;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.*;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
@ -132,6 +129,18 @@ public class IdpAuthProvider implements CubaAuthProvider {
IdpSession boundIdpSession;
sessionLock.lock();
try {
session.getAttribute(IDP_SESSION_LOCK_ATTRIBUTE);
} catch (IllegalStateException e) {
// Someone might have invalidated the session between fetching the lock and acquiring it.
sessionLock.unlock();
log.debug("Invalidated session {}", session.getId());
httpResponse.sendRedirect(httpRequest.getRequestURL().toString());
return;
}
try {
if ("GET".equals(httpRequest.getMethod())
&& httpRequest.getParameter(IDP_TICKET_REQUEST_PARAM) != null) {
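Review bot: The redirect in the new `catch` block is built from `httpRequest.getRequestURL()`, which the container reconstructs from the request's own scheme, host and port and which omits the query string, so in this SSO filter the target depends on client-supplied (or proxy-rewritten) values and the original request's parameters are dropped. If the application has a configured base URL, building the target from that plus `httpRequest.getRequestURI()` would be safer; if dropping the parameters is deliberate, say so with a comment such as `// query string intentionally dropped so a ticket from the invalidated session is not replayed`. The probe also releases the lock only on `IllegalStateException`, so any other runtime exception from `session.getAttribute(IDP_SESSION_LOCK_ATTRIBUTE)` would leave `sessionLock` held; presumably the `finally` that unlocks belongs to the second `try`, which ends outside this hunk, and the probe could move inside it. `log.debug("Invalidated session {}", session.getId())` writes a session identifier to the log; consider logging without the id.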