SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.

Ben Alex 2006-01-27 05:10:30 +00:00
parent 07ed2ca2f0
commit 2459858f48
3 changed files with 74 additions and 16 deletions


@ -0,0 +1,44 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.concurrent;
/**
* Implemented by {@link Authentication#getDetails()} implementations that are
* capable of returning a session ID.
*
* <p>
* This interface is used by {@link
* org.acegisecurity.concurrent.SessionRegistryUtils} to extract the session
* ID from an <code>Authentication</code> object. In turn,
* <code>SessionRegistryUtils</code> is used by {@link
* ConcurrentSessionControllerImpl}. If not using this latter implementation,
* you do not need the <code>Authentication.getDetails()</code> object to
* implement <code>SessionIdentifierAware</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface SessionIdentifierAware {
//~ Methods ================================================================
/**
* Obtains the session ID.
*
* @return the session ID, or <code>null</code> if not known.
*/
public String getSessionId();
}
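Review bot: The Javadoc on `getSessionId()` permits a `null` return, but the only consumer shown on this page, `SessionRegistryUtils.obtainSessionIdFromAuthentication`, passes the result to `Assert.hasText` and so rejects both `null` and an empty string. Implementations of this interface feed concurrent-session control, so the contract should state that, for example `@return the session ID, or <code>null</code> if not known (a <code>null</code> or empty value is rejected by <code>SessionRegistryUtils</code>)`. Separately, the class comment's `{@link Authentication#getDetails()}` names a type from `org.acegisecurity` that this file neither imports nor qualifies, so the link probably will not resolve; `{@link org.acegisecurity.Authentication#getDetails()}` would.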


@ -1,4 +1,4 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,7 +16,9 @@
package org.acegisecurity.concurrent;
import org.acegisecurity.Authentication;
import org.acegisecurity.ui.WebAuthenticationDetails;
import org.acegisecurity.userdetails.UserDetails;
import org.springframework.util.Assert;
@ -46,11 +48,13 @@ public class SessionRegistryUtils {
public static String obtainSessionIdFromAuthentication(Authentication auth) {
Assert.notNull(auth, "Authentication required");
Assert.notNull(auth.getDetails(), "Authentication.getDetails() required");
Assert.isInstanceOf(WebAuthenticationDetails.class, auth.getDetails());
Assert.isInstanceOf(SessionIdentifierAware.class, auth.getDetails());
String sessionId = ((WebAuthenticationDetails) auth.getDetails())
String sessionId = ((SessionIdentifierAware) auth.getDetails())
.getSessionId();
Assert.hasText(sessionId, "WebAuthenticationDetails missing SessionId");
Assert.hasText(sessionId,
"SessionIdentifierAware did not return a Session ID ("
+ auth.getDetails() + ")");
return sessionId;
}
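Review bot: The new `Assert.hasText` message appends `auth.getDetails()` to the exception text, which calls `toString()` on whatever `SessionIdentifierAware` implementation the application supplies. The details object is no longer restricted to `WebAuthenticationDetails`, so that string may carry request or user data the implementer never expected to reach exception messages and logs. Reporting the type is enough to diagnose the failure: `"SessionIdentifierAware did not return a Session ID (" + auth.getDetails().getClass().getName() + ")"`. The method also calls `auth.getDetails()` four times; reading it once into a local would guarantee that the object checked is the object cast and reported.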


@ -1,4 +1,4 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -12,8 +12,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.ui;
import org.acegisecurity.concurrent.SessionIdentifierAware;
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
@ -26,13 +29,18 @@ import javax.servlet.http.HttpSession;
* @author Ben Alex
* @version $Id$
*/
public class WebAuthenticationDetails implements Serializable {
public class WebAuthenticationDetails implements SessionIdentifierAware,
Serializable {
//~ Instance fields ========================================================
private String remoteAddress;
private String sessionId;
//~ Constructors ===========================================================
/**
* Constructor.
*
*
* <p>
* NB: This constructor will cause a <code>HttpSession</code> to be created
* (this is considered reasonable as all Acegi Security authentication
@ -51,8 +59,9 @@ public class WebAuthenticationDetails implements Serializable {
public WebAuthenticationDetails(HttpServletRequest request,
boolean forceSessionCreation) {
this.remoteAddress = request.getRemoteAddr();
HttpSession session = request.getSession(forceSessionCreation);
this.sessionId = session != null ? session.getId() : null;
this.sessionId = (session != null) ? session.getId() : null;
doPopulateAdditionalInformation(request);
}
@ -61,6 +70,15 @@ public class WebAuthenticationDetails implements Serializable {
throw new IllegalArgumentException("Cannot use default constructor");
}
//~ Methods ================================================================
/**
* Provided so that subclasses can populate additional information.
*
* @param request that the authentication request was received from
*/
protected void doPopulateAdditionalInformation(HttpServletRequest request) {}
/**
* Indicates the TCP/IP address the authentication request was received
* from.
@ -89,12 +107,4 @@ public class WebAuthenticationDetails implements Serializable {
return sb.toString();
}
/**
* Provided so that subclasses can populate additional information.
*
* @param request that the authentication request was received from
*/
protected void doPopulateAdditionalInformation(HttpServletRequest request) {
}
}
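Review bot: The Javadoc moved with `doPopulateAdditionalInformation` still does not say that the hook is invoked from the constructor, as the last statement of the `WebAuthenticationDetails(HttpServletRequest, boolean)` hunk shows. An override therefore runs before the subclass's own field initialisers and constructor body, so values it stores can be overwritten and values it reads are still defaults. I would add to the comment: `Called from the constructor, before subclass fields are initialised; overrides must not rely on subclass state.` The class is also `Serializable` and holds `sessionId`, which the new interface now exposes, so it is worth confirming that serialized copies of the details object are handled as carrying a live session identifier.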