Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 05:13:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improved javadoc and debug message relating to clearing of security context.

Browse Source
This commit is contained in:
Luke Taylor 2008-11-26 10:35:06 +00:00
parent 482cb23d9c
commit 1f78974073
1 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
core/src/main/java/org/springframework/security/context/rmi/ContextPropagatingRemoteInvocation.java
View File

@ -30,14 +30,14 @@ import java.lang.reflect.InvocationTargetException;
/** /**
* The actual <code>RemoteInvocation</code> that is passed from the client to the server, which contains the * The actual <code>RemoteInvocation</code> that is passed from the client to the server, which contains the
* contents of {@link SecurityContextHolder}, being a {@link SecurityContext} object.<p>When constructed on the * contents of {@link SecurityContextHolder}, being a {@link SecurityContext} object.
* client via {@link org.springframework.security.context.rmi.ContextPropagatingRemoteInvocationFactory}, the contents of the * <p>
* When constructed on the client via {@link ContextPropagatingRemoteInvocationFactory}, the contents of the
* <code>SecurityContext</code> are stored inside the object. The object is then passed to the server that is * <code>SecurityContext</code> are stored inside the object. The object is then passed to the server that is
* processing the remote invocation. Upon the server invoking the remote invocation, it will retrieve the passed * processing the remote invocation. Upon the server invoking the remote invocation, it will retrieve the passed
* contents of the <code>SecurityContextHolder</code> and set them to the server-side * contents of the <code>SecurityContextHolder</code> and set them on the server-side
* <code>SecurityContextHolder</code> whilst the target object is invoked. When the target invocation has been * <code>SecurityContextHolder</code> while the target object is invoked. When the target invocation has been
* completed, the server-side <code>SecurityContextHolder</code> will be reset to a new instance of * completed, the security context will be cleared using a call to {@link SecurityContextHolder#clearContext()}.
* <code>SecurityContextImpl</code>.</p>
* *
* @author James Monaghan * @author James Monaghan
* @author Ben Alex * @author Ben Alex
@ -54,7 +54,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
/** /**
* Constructs the object, storing the value of the client-side * Constructs the object, storing the value of the client-side
* <code>SecurityContextHolder</code> inside the object. * <code>SecurityContextHolder</code> inside the object.
* *
@ -72,11 +72,12 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
/** /**
* Invoked on the server-side as described in the class JavaDocs.<p>Invocations will always have their * Invoked on the server-side as described in the class JavaDocs.
* {@link org.springframework.security.Authentication#setAuthenticated(boolean)} set to <code>false</code>, which is * <p>
* guaranteed to always be accepted by <code>Authentication</code> implementations. This ensures that even * Invocations will always have their {@link org.springframework.security.Authentication#setAuthenticated(boolean)}
* remotely authenticated <code>Authentication</code>s will be untrusted by the server-side, which is an * set to <code>false</code>, which is guaranteed to always be accepted by <code>Authentication</code>
* appropriate security measure.</p> * implementations. This ensures that even remotely authenticated <code>Authentication</code>s will be untrusted by
* the server-side, which is an appropriate security measure.
* *
* @param targetObject the target object to apply the invocation to * @param targetObject the target object to apply the invocation to
* *
@ -87,7 +88,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
* @throws InvocationTargetException if the method invocation resulted in an exception * @throws InvocationTargetException if the method invocation resulted in an exception
*/ */
public Object invoke(Object targetObject) public Object invoke(Object targetObject)
throws NoSuchMethodException, IllegalAccessException, InvocationTargetException { throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
SecurityContextHolder.setContext(securityContext); SecurityContextHolder.setContext(securityContext);
if ((SecurityContextHolder.getContext() != null) if ((SecurityContextHolder.getContext() != null)
@ -105,7 +106,7 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Set SecurityContext to new instance of SecurityContextImpl"); logger.debug("Cleared SecurityContextHolder.");
} }
} }
} }