SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.

core/src/main/java/org/acegisecurity/concurrent/SessionIdentifierAware.java

@@ -0,0 +1,44 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity.concurrent;
+
+/**
+ * Implemented by {@link Authentication#getDetails()} implementations that are
+ * capable of returning a session ID.
+ * 
+ * <p>
+ * This interface is used by {@link
+ * org.acegisecurity.concurrent.SessionRegistryUtils} to extract the session
+ * ID from an <code>Authentication</code> object. In turn,
+ * <code>SessionRegistryUtils</code> is used by {@link
+ * ConcurrentSessionControllerImpl}. If not using this latter implementation,
+ * you do not need the <code>Authentication.getDetails()</code> object to
+ * implement <code>SessionIdentifierAware</code>.
+ * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public interface SessionIdentifierAware {
+    //~ Methods ================================================================
+
+    /**
+     * Obtains the session ID.
+     *
+     * @return the session ID, or <code>null</code> if not known.
+     */
+    public String getSessionId();
+}

core/src/main/java/org/acegisecurity/concurrent/SessionRegistryUtils.java

@@ -1,4 +1,4 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,9 @@
 package org.acegisecurity.concurrent;
 
 import org.acegisecurity.Authentication;
+
 import org.acegisecurity.ui.WebAuthenticationDetails;
+
 import org.acegisecurity.userdetails.UserDetails;
 
 import org.springframework.util.Assert;
@@ -46,11 +48,13 @@ public class SessionRegistryUtils {
     public static String obtainSessionIdFromAuthentication(Authentication auth) {
         Assert.notNull(auth, "Authentication required");
         Assert.notNull(auth.getDetails(), "Authentication.getDetails() required");
-        Assert.isInstanceOf(WebAuthenticationDetails.class, auth.getDetails());
+        Assert.isInstanceOf(SessionIdentifierAware.class, auth.getDetails());
 
-        String sessionId = ((WebAuthenticationDetails) auth.getDetails())
+        String sessionId = ((SessionIdentifierAware) auth.getDetails())
             .getSessionId();
-        Assert.hasText(sessionId, "WebAuthenticationDetails missing SessionId");
+        Assert.hasText(sessionId,
+            "SessionIdentifierAware did not return a Session ID ("
+            + auth.getDetails() + ")");
 
         return sessionId;
     }

core/src/main/java/org/acegisecurity/ui/WebAuthenticationDetails.java

@@ -1,4 +1,4 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,8 +12,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.acegisecurity.ui;
 
+import org.acegisecurity.concurrent.SessionIdentifierAware;
+
 import java.io.Serializable;
 
 import javax.servlet.http.HttpServletRequest;
@@ -26,10 +29,15 @@ import javax.servlet.http.HttpSession;
  * @author Ben Alex
  * @version $Id$
  */
-public class WebAuthenticationDetails implements Serializable {
+public class WebAuthenticationDetails implements SessionIdentifierAware,
+    Serializable {
+    //~ Instance fields ========================================================
+
     private String remoteAddress;
     private String sessionId;
 
+    //~ Constructors ===========================================================
+
     /**
      * Constructor.
      * 
@@ -51,8 +59,9 @@ public class WebAuthenticationDetails implements Serializable {
     public WebAuthenticationDetails(HttpServletRequest request,
         boolean forceSessionCreation) {
         this.remoteAddress = request.getRemoteAddr();
+
         HttpSession session = request.getSession(forceSessionCreation);
-        this.sessionId = session != null ? session.getId() : null;
+        this.sessionId = (session != null) ? session.getId() : null;
 
         doPopulateAdditionalInformation(request);
     }
@@ -61,6 +70,15 @@ public class WebAuthenticationDetails implements Serializable {
         throw new IllegalArgumentException("Cannot use default constructor");
     }
 
+    //~ Methods ================================================================
+
+    /**
+     * Provided so that subclasses can populate additional information.
+     *
+     * @param request that the authentication request was received from
+     */
+    protected void doPopulateAdditionalInformation(HttpServletRequest request) {}
+
     /**
      * Indicates the TCP/IP address the authentication request was received
      * from.
@@ -89,12 +107,4 @@ public class WebAuthenticationDetails implements Serializable {
 
         return sb.toString();
     }
-
-    /**
-     * Provided so that subclasses can populate additional information.
-     *
-     * @param request that the authentication request was received from
-     */
-    protected void doPopulateAdditionalInformation(HttpServletRequest request) {
-    }
 }