Merge branch 'stable-3.3' into stable-3.4 * stable-3.3: Create HTTP session only for login requests Change-Id: I2cdbe081bde805ac0f90c38bfdfe7bc0b333b64b

commit: 4391380751fef433a797ae6a3082779812a7d6a1 [log] [tgz]
author: Luca Milanesio <luca.milanesio@gmail.com> Thu Dec 15 22:35:14 2022 +0000
committer: Luca Milanesio <luca.milanesio@gmail.com> Thu Dec 15 22:35:14 2022 +0000
tree: 636eb490b2d2949cd888f2f1452579c5038e9933
parent: 21aabba19698a57b43ae21c6a4fdc07fa268461a [diff]
parent: 2ec2c14205e9fcdd72219052eca4907188f57b07 [diff]
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
index 357ff24..a58ef8a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java

@@ -151,13 +151,13 @@
     */
     HttpServletRequest httpRequest = new AnonymousHttpRequest((HttpServletRequest) incomingRequest);
     HttpServletResponse httpResponse = (HttpServletResponse) response;
-    AuthenticatedUser user = userFromRequest(httpRequest);
 
     try {
       if (isSamlPostback(httpRequest)) {
         J2EContext context = new J2EContext(httpRequest, httpResponse);
         signin(context);
       } else if (isGerritLogin(httpRequest)) {
+        AuthenticatedUser user = userFromRequest(httpRequest);
         if (user == null) {
           J2EContext context = new J2EContext(httpRequest, httpResponse);
           redirectToIdentityProvider(context);
commit	4391380751fef433a797ae6a3082779812a7d6a1	[log] [tgz]
author	Luca Milanesio <luca.milanesio@gmail.com>	Thu Dec 15 22:35:14 2022 +0000
committer	Luca Milanesio <luca.milanesio@gmail.com>	Thu Dec 15 22:35:14 2022 +0000
tree	636eb490b2d2949cd888f2f1452579c5038e9933
parent	21aabba19698a57b43ae21c6a4fdc07fa268461a [diff]
parent	2ec2c14205e9fcdd72219052eca4907188f57b07 [diff]