Project

General

Profile

« Previous | Next » 

Revision 8652

Added by Jing Tao almost 11 years ago

In the authenticate method, if metacat can't get user info, the login still can be successful.

View differences:

src/edu/ucsb/nceas/metacat/AuthSession.java
109 109
				if (groups == null) {
110 110
                    groups = new String[0];
111 111
                }
112
				String[] userInfo = null;
113
				try {
114
				     userInfo = authService.getUserInfo(username, password);
115
				} catch (ConnectException e) {
116
				    logMetacat.warn("AuthSession.authenticate - can't get the user info for user "+ username+" since "+e.getMessage());;
117
				}
112 118

  
113
				String[] userInfo = authService.getUserInfo(username, password);
114

  
115 119
				this.session = createSession(request, username, password, groups,
116 120
						userInfo);
117 121
				String sessionId = session.getId();
......
159 163
		session.setAttribute("username", username);
160 164
		session.setAttribute("password", password);
161 165

  
162
		if (userInfo != null & userInfo.length == 3) {
166
		if (userInfo != null && userInfo.length == 3) {
163 167
			session.setAttribute("name", userInfo[0]);
164 168
			session.setAttribute("organization", userInfo[1]);
165 169
			session.setAttribute("email", userInfo[2]);

Also available in: Unified diff