From 234d98aee7364defa8db9e634627c46075cc8913 Mon Sep 17 00:00:00 2001
From: Eduard Heimbuch
Date: Tue, 12 Nov 2019 13:49:37 +0100
Subject: [PATCH] Don't use anonymous access after access token expires
---
 .../main/java/sonia/scm/web/filter/AuthenticationFilter.java | 2 +-
 scm-ui/ui-components/src/apiclient.ts | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/AuthenticationFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/AuthenticationFilter.java
index 87209ce409..3b64e6b5ac 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/AuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/AuthenticationFilter.java
@@ -127,7 +127,7 @@ public class AuthenticationFilter extends HttpFilter
 logger.trace("user is already authenticated");
 processChain(request, response, chain, subject);
 }
- else if (isAnonymousAccessEnabled())
+ else if (isAnonymousAccessEnabled() && !HttpUtil.isWUIRequest(request))
 {
 logger.trace("anonymous access granted");
 subject.login(new AnonymousToken());
diff --git a/scm-ui/ui-components/src/apiclient.ts b/scm-ui/ui-components/src/apiclient.ts
index 396200f1c1..8af093fac7 100644
--- a/scm-ui/ui-components/src/apiclient.ts
+++ b/scm-ui/ui-components/src/apiclient.ts
@@ -7,7 +7,8 @@ const applyFetchOptions: (p: RequestInit) => RequestInit = o => {
 o.headers = {
 Cache: "no-cache",
 // identify the request as ajax request
- "X-Requested-With": "XMLHttpRequest"
+ "X-Requested-With": "XMLHttpRequest",
+ "X-SCM-Client": "WUI"
 };
 return o;
 };
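Review bot: The new condition on the `else if` line withholds the anonymous login from every web-UI request that arrives without an authenticated subject, not only from requests whose access token has expired. A browser user who never logged in would therefore appear to lose anonymous access as well, even when it is enabled. If that is not intended, the check should depend on an expired or invalid token being present rather than on the client type alone. `HttpUtil.isWUIRequest(request)` presumably reads the `X-SCM-Client` header that apiclient.ts now sends, which is client-controlled; that is safe only because it suppresses the fallback and never grants access, and a comment should say so, e.g. `// client-supplied hint: may only suppress the anonymous fallback, never grant access`. The enclosing method and the branch that handles the rejected case lie outside the hunk.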
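Review bot: The existing comment `// identify the request as ajax request` now sits above two headers and does not explain the added `"X-SCM-Client": "WUI"` line, even though the server changes its authentication behaviour based on it. Give the new header its own comment, e.g. `// mark the request as coming from the web UI so the server does not fall back to anonymous access`. Any UI request that does not pass through `applyFetchOptions` (none are visible in this hunk) would not carry the header and would still receive the anonymous fallback, so it is worth confirming that all fetch paths use this helper.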