Re issue 9249: Set #Authenticated_user session attribute before initialising OBContext
authorBen Sommerville <ben.sommerville@eintel.com.au>
Tue, 02 Jun 2009 14:29:19 +1000
changeset 3942 ec6df6099183
parent 3941 cca535cc6e26
child 3943 7eecddf0cf81
Re issue 9249: Set #Authenticated_user session attribute before initialising OBContext
src/org/openbravo/authentication/lam/LamAuthenticationManager.java
--- a/src/org/openbravo/authentication/lam/LamAuthenticationManager.java	Mon Jun 01 19:20:13 2009 +0200
+++ b/src/org/openbravo/authentication/lam/LamAuthenticationManager.java	Tue Jun 02 14:29:19 2009 +1000
@@ -71,15 +71,15 @@
           throw new AuthenticationException("Authenticated user is not an Openbravo ERP user: "
               + sUserName);
         }
+        request.getSession(true).setAttribute(AUTHENTICATED_USER_ATTRIBUTE, sUserId);
         try {
           OBContext.setOBContext(request);
         } catch (final OBSecurityException e) {
           // login failed, no roles specified
           // remove authenticated user
-          request.getSession(true).setAttribute(AUTHENTICATED_USER_ATTRIBUTE, null);
+          request.getSession(true).removeAttribute(AUTHENTICATED_USER_ATTRIBUTE);
           return null;
         }
-        request.getSession(true).setAttribute(AUTHENTICATED_USER_ATTRIBUTE, sUserId);
         return sUserId;
       }
     } catch (XmlRpcException e) {