Commit aff75698 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Return not_authorized if user tries to bind a resource before authenticating. JM-1097

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@8708 b35dd754-fafc-0310-a699-88a17e54d16e
parent 2fc67c04
......@@ -88,6 +88,14 @@ public class IQBindHandler extends IQHandler {
}
// Get the token that was generated during the SASL authentication
AuthToken authToken = session.getAuthToken();
if (authToken == null) {
// User must be authenticated before binding a resource
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.not_authorized);
// Send the error directly since a route does not exist at this point.
session.process(reply);
return reply;
}
if (authToken.isAnonymous()) {
// User used ANONYMOUS SASL so initialize the session as an anonymous login
session.setAnonymousAuth();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment