Bug 129503
Summary: | redhat global cookie not set | | |
---|---|---|---|
Product: | [Retired] Red Hat Network | Reporter: | Ryan Bloom <rbb> |
Component: | RHN/R&D | Assignee: | Chip Turner <cturner> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fanny Augustin <fmoquete> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | RHN Devel | | |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2004-09-20 15:21:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 125080 | | |
Description
Ryan Bloom
2004-08-09 20:12:59 UTC
assign to chip.

this should be in with the caveat that right now it doesn't respect SSL since we have no way to work with SSL in the current development environment. closing this bug, opening a bug regarding ssl.

There were comments made on this commit that have not been resolved yet.

Modified: trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java > =================================================================== > --- trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java 2004-09-03 20:00:16 UTC (rev 1132) > +++ trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java 2004-09-03 22:44:38 UTC (rev 1133) > @@ -25,7 +25,7 @@ > private long id; > private String value; > private long expires; > - private long webUserId; > + private Long webUserId; > private Map valueMap; > private User user; > > @@ -64,7 +64,7 @@ > * Gets the current value of web_user_id > * @return long - the current value > */ > - public long getWebUserId() { > + public Long getWebUserId() { > return webUserId; > } > > @@ -72,9 +72,11 @@ > * Sets the value of web_user_id to new value > * @param idIn New value for id > */ > - public void setWebUserId(long idIn) { > + public void setWebUserId(Long idIn) { > + if (idIn != null && idIn.longValue() == 0) { > + throw new RuntimeException("no such thing as user 0!"); > + }

Please, do not throw RuntimeException.

> Copied: trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java (from rev 1129, trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java) > =================================================================== > --- trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java 2004-09-03 13:45:32 UTC (rev 1129) > +++ trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java 2004-09-03 22:44:38 UTC (rev 1133)
> @@ -0,0 +1,99 @@ > +/** > + * Copyright (c) 2004 Red Hat, Inc. > + * All Rights Reserved. > + * > + * This software is the confidential and proprietary information of > + * Red Hat, Inc. ("Confidential Information"). You shall not > + * disclose such Confidential Information and shall use it only in > + * accordance with the terms of the license agreement you entered into > + * with Red Hat. > + */ > +package com.redhat.rhn.frontend.util; > + > +import com.redhat.rhn.common.conf.Config; > +import com.redhat.rhn.common.security.SessionSwap; > +import com.redhat.rhn.domain.session.Session; > +import com.redhat.rhn.domain.session.SessionFactory; > +import com.redhat.rhn.manager.session.SessionManager; > + > +import java.util.Date; > + > +import javax.servlet.http.Cookie; > +import javax.servlet.http.HttpServletRequest; > +import javax.servlet.http.HttpServletResponse; > +import javax.servlet.http.HttpSession; > + > +/** > + * LoginUtil > + * @version $Rev$ > + */ > +public class LoginUtil { > + /** the name of the Red Hat auth token */ > + public static final String AUTH_COOKIE_NAME = "rh_auth_token"; > + > + private LoginUtil() { > + } > + > + /** utility function to retrieve a given user's session, or, if it > + * doesn't exist, create it */ > + > + public static Session findUserSession(HttpServletRequest request) { > + HttpSession session = request.getSession(); > + Long sessionId = (Long)session.getAttribute("session_id"); > + > + Session s = null; > + long expirationTime = SessionManager.timeoutValue(); > + > + if (sessionId != null) { > + s = SessionFactory.lookupById(sessionId, null);

You didn't handle the null return here. That means that this method can easily return null, which will cause an NPE in other code. Either don't pass in anything, pass in an Exception, or handle the null case.

Looks like the first RuntimeException already was changed to an IllegalArgumentException.

Also, the second issue is not an issue -- two lines later, a check to see if 's' is null is performed (which can happen either if there is no sessionId at all, or if the lookup failed and returned a null).
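
Review bot: the Javadoc above getWebUserId() in SessionImpl.java (hunk @@ -64,7 +64,7 @@) still reads "@return long - the current value" although the method now returns Long. Update the tag and state that the result can be null, since setWebUserId(Long) accepts null and every caller that used to receive a primitive now has to check for null before unboxing.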
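
Review bot: in setWebUserId(Long) (hunk @@ -72,9 +72,11 @@ of SessionImpl.java) the new guard rejects only the value 0, so a negative id still passes, and the Javadoc ("@param idIn New value for id") does not say that null is accepted or that 0 is rejected. If user ids are always positive, compare with "idIn.longValue() <= 0" instead, and document the null case and the exception the setter throws.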
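
Review bot: in findUserSession() of LoginUtil.java, "request.getSession()" creates a new HttpSession whenever the request carries none, so every request that reaches this helper allocates container session state before "session_id" is even read. If creation is not intended at this point, use "request.getSession(false)" and handle the null result. Two smaller points in the same hunk: the Javadoc comment is separated from the method by a blank added line, and it speaks of "a given user's session" while the only parameter is the request, so it should say which session is looked up and what is returned when none is found.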