Fixed 12362: don't execute old request after redirect to login page
authorStefan Hühner <stefan.huehner@openbravo.com>
Fri, 19 Feb 2010 13:45:50 +0100
changeset 6499 e2616479f44e
parent 6498 6b8d9ce301fd
child 6500 cbe25f0abf2c
Fixed 12362: don't execute old request after redirect to login page
If the users session is timed-out (or force-logged out) redirect to
login page as usual, but don't continue executing the old request
as its not useful and can't work correctly
src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
--- a/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java	Fri Feb 19 11:59:53 2010 +0100
+++ b/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java	Fri Feb 19 13:45:50 2010 +0100
@@ -192,6 +192,12 @@
       OBContext.enableAsAdminContext();
 
       strUserAuth = m_AuthManager.authenticate(request, response);
+
+      if (strUserAuth == null) {
+        // auth-manager return null after redirecting to the login page -> stop request-processing
+        return;
+      }
+
       variables = new Variables(request); // Rebuild variable, auth-mgr could set the role
 
       boolean loggedOK = false;