WFLY-3514 Make sure JASPIAuthenticationMechanism only wraps the reque…

…st once
wildfly · Jun 17, 2014 · e713a36 · e713a36
1 parent 04ef9e8
commit e713a36
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/...main/java/org/wildfly/extension/undertow/security/jaspi/JASPIAuthenticationMechanism.java b/...main/java/org/wildfly/extension/undertow/security/jaspi/JASPIAuthenticationMechanism.java
@@ -73,6 +73,7 @@ public class JASPIAuthenticationMechanism implements AuthenticationMechanism {
 
     public static final AttachmentKey<HttpServerExchange> HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY = AttachmentKey.create(HttpServerExchange.class);
     public static final AttachmentKey<SecurityContext> SECURITY_CONTEXT_ATTACHMENT_KEY = AttachmentKey.create(SecurityContext.class);
+    private static final AttachmentKey<Boolean> ALREADY_WRAPPED = AttachmentKey.create(Boolean.class);
 
     private final String securityDomain;
     private final String configuredAuthMethod;
@@ -220,6 +221,10 @@ private Account createAccount(final Account cachedAccount, final org.jboss.secur
     }
 
     private void secureResponse(final HttpServerExchange exchange, final SecurityContext securityContext, final JASPIServerAuthenticationManager sam, final GenericMessageInfo messageInfo, final JASPICallbackHandler cbh) {
+        if(exchange.getAttachment(ALREADY_WRAPPED) != null || exchange.isResponseStarted()) {
+            return;
+        }
+        exchange.putAttachment(ALREADY_WRAPPED, true);
         // we add a response wrapper to properly invoke the secureResponse, after processing the destination
         exchange.addResponseWrapper(new ConduitWrapper<StreamSinkConduit>() {
             @Override