From dcf41eaa9ec6edf4bea9d9caff244d7f02a1d660 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Thu, 25 Apr 2013 15:19:11 -0400
Subject: [PATCH] tried to make prompt=login work, backed off for now
---
 .../mitre/openid/connect/filter/PromptFilter.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java
index b3bcfa798..2a17408f8 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java
@@ -60,7 +60,21 @@ public class PromptFilter extends GenericFilterBean {
 response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
 return;
 }
+ /* TODO: this is an attempt to catch the prompt=login case, but it results in an infinite loop so it's commented out
+ } else if (request.getParameter("prompt").equals("login")) {
+ // see if the user's logged in
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth != null) {
+ // user's been logged in already (by session management)
+ // log them out and continue
+ SecurityContextHolder.getContext().setAuthentication(null);
+ chain.doFilter(req, res);
+ } else {
+ // user hasn't been logged in yet, we can keep going
+ chain.doFilter(req, res);
+ }
+ */
 } else {
 // prompt parameter is a value we don't care about, not our business
 chain.doFilter(req, res);
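Review bot: With the `prompt=login` branch commented out, a request carrying `prompt=login` falls through to the final `else` and is passed down the chain like any value the filter does not care about, so a client asking for re-authentication silently gets the existing session. OpenID Connect expects the server to re-authenticate the user for this value, or to return an error if it cannot, so the gap should be stated outright instead of kept as dead code, e.g. `// TODO: prompt=login is not honoured yet, an existing session is reused (re-auth attempt looped, see <issue id>)`. The loop is presumably caused by the post-login request still carrying `prompt=login`, so the filter clears the authentication again; a working version would need some marker that the fresh login has already happened. When the branch is revived, note that `setAuthentication(null)` does not invalidate the HTTP session, and that `equals("login")` would miss a space-separated value such as `login consent`. The enclosing method starts and ends outside the hunk.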