Related to issue 27200: If the authentication is not required, return null
authorRafa Alonso <rafael.alonso@openbravo.com>
Sun, 24 Aug 2014 06:14:12 +0200
changeset 24313 8355dc1cb215
parent 24312 b434c7af3cfd
child 24314 0e088398c072
Related to issue 27200: If the authentication is not required, return null
- the check has changed its location
src/org/openbravo/authentication/AuthenticationManager.java
--- a/src/org/openbravo/authentication/AuthenticationManager.java	Sun Aug 24 06:12:23 2014 +0200
+++ b/src/org/openbravo/authentication/AuthenticationManager.java	Sun Aug 24 06:14:12 2014 +0200
@@ -139,11 +139,6 @@
       localAdress = HttpBaseUtils.getLocalAddress(request);
     }
 
-    // if we in 'forceLogin' state, there is no need to process any other code
-    if ("Y".equals(request.getSession().getAttribute("forceLogin"))) {
-      return null;
-    }
-
     final String userId = doAuthenticate(request, response);
 
     final VariablesSecureApp vars = new VariablesSecureApp(request, false);
@@ -151,6 +146,11 @@
       setDBSession(request, userId, SUCCESS_SESSION_STANDARD, true);
     }
 
+    // if we in 'forceLogin' state, there is no need to process any other code
+    if ("Y".equals(request.getSession().getAttribute("forceLogin"))) {
+      return null;
+    }
+
     // A restricted resource can define a custom login URL
     // It just need to set an the attribute loginURL in the request
     final String customLoginURL = (String) request.getAttribute("loginURL");