Properly return Forbidden for folders in the deferred authentication case. Folders...
authorpastith <devnull@localhost>
Tue, 3 Mar 2009 15:39:07 +0000 (15:39 +0000)
committerpastith <devnull@localhost>
Tue, 3 Mar 2009 15:39:07 +0000 (15:39 +0000)
gss/src/gr/ebs/gss/server/rest/FilesHandler.java

index da3cbfb..d99994f 100644 (file)
@@ -172,10 +172,11 @@ public class FilesHandler extends RequestHandler {
        // Now it's time to perform the deferred authentication check.
                // Since regular signature checking was already performed,
                // we only need to check the read-all flag.
-               if (authDeferred && file != null && !file.isReadForAll()) {
-                       resp.sendError(HttpServletResponse.SC_FORBIDDEN);
-                       return;
-               }
+               if (authDeferred)
+                       if (file != null && !file.isReadForAll() || file == null) {
+                               resp.sendError(HttpServletResponse.SC_FORBIDDEN);
+                               return;
+                       }
 
        // If the resource is not a collection, and the resource path
        // ends with "/" or "\", return NOT FOUND.
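Review bot: The added condition `if (file != null && !file.isReadForAll() || file == null)` depends on `&&` binding tighter than `||` and sits under a brace-less outer `if (authDeferred)`, which is easy to misread or break in an access-control check. It is equivalent to the single guard `if (authDeferred && (file == null || !file.isReadForAll())) {`, which states the deny-unless-public-file rule directly. The comment above the check still says only the read-all flag needs checking; it should be extended to something like `// Anything that is not a file (e.g. a folder) is refused, since only files can be read-for-all.` If `file` can also be null for a path that does not exist, that request now gets 403 rather than the NOT FOUND handled further down; that may be intended, but it deserves a mention in the comment. The enclosing method starts and ends outside this hunk.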