portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rwat...@apache.org
Subject svn commit: r772016 - /portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java
Date Wed, 06 May 2009 00:06:22 GMT
Author: rwatler
Date: Wed May  6 00:06:22 2009
New Revision: 772016

URL: http://svn.apache.org/viewvc?rev=772016&view=rev
Log:
JS2-900: if profiler valve page fallback not enabled, generate 403 on SecurityException for
anonymous portal access

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java?rev=772016&r1=772015&r2=772016&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/profiler/impl/ProfilerValveImpl.java
Wed May  6 00:06:22 2009
@@ -86,8 +86,11 @@
     private PortalSite portalSite;
 
     /**
-     * requestFallback - flag indicating whether request should fallback to root folder
-     *                   if locators do not select a page or access is forbidden
+     * requestFallback - flag indicating whether request should fallback to closest
+     *                   intermediate or root folder if locators do not select a page
+     *                   or access is forbidden; if set, forbidden and not found
+     *                   response status codes are avoided if at all possible: do not
+     *                   set if 403s and 404s are expected to be returned by the portal
      */
     private boolean requestFallback;
 
@@ -249,22 +252,26 @@
         }
         catch (SecurityException se)
         {
-            // fallback to portal root folder/default page if
-            // no user is available and request path is not
-            // already attempting to access the root folder;
-            // this is rarely the case since the anonymous
-            // user is normally defined unless the default
-            // security system has been replaced/overridden
-            if (request.getRequest().getUserPrincipal() == null &&
-                request.getPath() != null &&
-                !request.getPath().equals("/"))
+            // fallback to root folder/default page
+            if (requestFallback)
             {
-                try 
+                // fallback to portal root folder/default page if
+                // no user is available and request path is not
+                // already attempting to access the root folder;
+                // this is rarely the case since the anonymous
+                // user is normally defined unless the default
+                // security system has been replaced/overridden
+                if (request.getRequest().getUserPrincipal() == null &&
+                    request.getPath() != null &&
+                    !request.getPath().equals("/"))
                 {
-                    request.getResponse().sendRedirect(request.getRequest().getContextPath());
+                    try 
+                    {
+                        request.getResponse().sendRedirect(request.getRequest().getContextPath());
+                    }
+                    catch (IOException ioe){}
+                    return;
                 }
-                catch (IOException ioe){}
-                return;
             }
 
             // return standard HTTP 403 - FORBIDDEN status



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message