From c606d72c8a3b4f41f758f8237ad605e61f6b1b63 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 16 Oct 2015 12:00:15 -0700 Subject: [PATCH] GUAC-1364: Invalidate session after token has been invalidated. --- .../guacamole/net/basic/rest/RESTExceptionWrapper.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTExceptionWrapper.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTExceptionWrapper.java index 14de30c92..1b3e834b3 100644 --- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTExceptionWrapper.java +++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTExceptionWrapper.java @@ -35,6 +35,7 @@ import org.glyptodon.guacamole.GuacamoleSecurityException; import org.glyptodon.guacamole.GuacamoleUnauthorizedException; import org.glyptodon.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException; import org.glyptodon.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; +import org.glyptodon.guacamole.net.basic.GuacamoleSession; import org.glyptodon.guacamole.net.basic.rest.auth.TokenSessionMap; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -177,8 +178,11 @@ public class RESTExceptionWrapper implements MethodInterceptor { String token = getAuthenticationToken(invocation); // If there is an associated auth token, invalidate it - if (token != null && tokenSessionMap.remove(token) != null) - logger.debug("Implicitly invalidated token \"{}\" due to GuacamoleUnauthorizedException.", token); + GuacamoleSession session = tokenSessionMap.remove(token); + if (session != null) { + session.invalidate(); + logger.debug("Implicitly invalidated session for token \"{}\".", token); + } // Continue with exception processing throw e;