mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-14 14:23:30 +00:00
SEC-132: Refactor out getSessionId() to interface, so different Authentication.getDetails() implementations can be used.
parent
07ed2ca2f0
commit
2459858f48
@ -0,0 +1,44 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.concurrent;
|
||||
|
||||
/**
|
||||
* Implemented by {@link Authentication#getDetails()} implementations that are
|
||||
* capable of returning a session ID.
|
||||
*
|
||||
* <p>
|
||||
* This interface is used by {@link
|
||||
* org.acegisecurity.concurrent.SessionRegistryUtils} to extract the session
|
||||
* ID from an <code>Authentication</code> object. In turn,
|
||||
* <code>SessionRegistryUtils</code> is used by {@link
|
||||
* ConcurrentSessionControllerImpl}. If not using this latter implementation,
|
||||
* you do not need the <code>Authentication.getDetails()</code> object to
|
||||
* implement <code>SessionIdentifierAware</code>.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface SessionIdentifierAware {
|
||||
//~ Methods ================================================================
|
||||
|
||||
/**
|
||||
* Obtains the session ID.
|
||||
*
|
||||
* @return the session ID, or <code>null</code> if not known.
|
||||
*/
|
||||
public String getSessionId();
|
||||
}
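Review bot: The `@return` tag on `getSessionId()` allows `null`, but the consumer this Javadoc names, `SessionRegistryUtils.obtainSessionIdFromAuthentication`, passes the value through `Assert.hasText` and throws when it is null or empty. The same gap shows in the `WebAuthenticationDetails` constructor, which stores `null` when no session exists. The contract should say so, for example `@return the session ID, or <code>null</code> if not known; concurrent session control rejects a <code>null</code> or empty value`. Separately, `{@link Authentication#getDetails()}` in the class comment is unlikely to resolve, because this file is in `org.acegisecurity.concurrent` and has no import for `Authentication`; `{@link org.acegisecurity.Authentication#getDetails()}` would.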
|
@ -1,4 +1,4 @@
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -16,7 +16,9 @@
|
||||
package org.acegisecurity.concurrent;
|
||||
|
||||
import org.acegisecurity.Authentication;
|
||||
|
||||
import org.acegisecurity.ui.WebAuthenticationDetails;
|
||||
|
||||
import org.acegisecurity.userdetails.UserDetails;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
@ -46,11 +48,13 @@ public class SessionRegistryUtils {
|
||||
public static String obtainSessionIdFromAuthentication(Authentication auth) {
|
||||
Assert.notNull(auth, "Authentication required");
|
||||
Assert.notNull(auth.getDetails(), "Authentication.getDetails() required");
|
||||
Assert.isInstanceOf(WebAuthenticationDetails.class, auth.getDetails());
|
||||
Assert.isInstanceOf(SessionIdentifierAware.class, auth.getDetails());
|
||||
|
||||
String sessionId = ((WebAuthenticationDetails) auth.getDetails())
|
||||
String sessionId = ((SessionIdentifierAware) auth.getDetails())
|
||||
.getSessionId();
|
||||
Assert.hasText(sessionId, "WebAuthenticationDetails missing SessionId");
|
||||
Assert.hasText(sessionId,
|
||||
"SessionIdentifierAware did not return a Session ID ("
|
||||
+ auth.getDetails() + ")");
|
||||
|
||||
return sessionId;
|
||||
}
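Review bot: The new `Assert.hasText` message concatenates `auth.getDetails()` into the exception text, so the `toString()` of whatever details object is plugged in ends up wherever this `IllegalArgumentException` is logged or rendered. The string is also built on every call, including successful ones. Now that any `SessionIdentifierAware` implementation is accepted, its `toString()` content is outside this class's control and may include request or user data. Naming the type is enough to diagnose the failure: `"SessionIdentifierAware did not return a Session ID (" + auth.getDetails().getClass().getName() + ")"`. The `Assert.isInstanceOf` line above it would also benefit from a message argument, e.g. `"Authentication.getDetails() must implement SessionIdentifierAware"`.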
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -12,8 +12,11 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity.ui;
|
||||
|
||||
import org.acegisecurity.concurrent.SessionIdentifierAware;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -26,10 +29,15 @@ import javax.servlet.http.HttpSession;
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class WebAuthenticationDetails implements Serializable {
|
||||
public class WebAuthenticationDetails implements SessionIdentifierAware,
|
||||
Serializable {
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private String remoteAddress;
|
||||
private String sessionId;
|
||||
|
||||
//~ Constructors ===========================================================
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
@ -51,8 +59,9 @@ public class WebAuthenticationDetails implements Serializable {
|
||||
public WebAuthenticationDetails(HttpServletRequest request,
|
||||
boolean forceSessionCreation) {
|
||||
this.remoteAddress = request.getRemoteAddr();
|
||||
|
||||
HttpSession session = request.getSession(forceSessionCreation);
|
||||
this.sessionId = session != null ? session.getId() : null;
|
||||
this.sessionId = (session != null) ? session.getId() : null;
|
||||
|
||||
doPopulateAdditionalInformation(request);
|
||||
}
|
||||
@ -61,6 +70,15 @@ public class WebAuthenticationDetails implements Serializable {
|
||||
throw new IllegalArgumentException("Cannot use default constructor");
|
||||
}
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
/**
|
||||
* Provided so that subclasses can populate additional information.
|
||||
*
|
||||
* @param request that the authentication request was received from
|
||||
*/
|
||||
protected void doPopulateAdditionalInformation(HttpServletRequest request) {}
|
||||
|
||||
/**
|
||||
* Indicates the TCP/IP address the authentication request was received
|
||||
* from.
|
||||
@ -89,12 +107,4 @@ public class WebAuthenticationDetails implements Serializable {
|
||||
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Provided so that subclasses can populate additional information.
|
||||
*
|
||||
* @param request that the authentication request was received from
|
||||
*/
|
||||
protected void doPopulateAdditionalInformation(HttpServletRequest request) {
|
||||
}
|
||||
}
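Review bot: `sessionId` is read once in the constructor (`session.getId()`) and never refreshed in the visible code, yet implementing `SessionIdentifierAware` makes it the value that concurrent session control extracts from the `Authentication`. If the container or a filter replaces the session after this object is built (for example by invalidating and recreating it at login), the stored ID would presumably no longer match the live session, and the registry would be tracking a dead ID. That limitation deserves a comment at the assignment, such as `// snapshot taken at construction; not updated if the session is later replaced`. The relocated `doPopulateAdditionalInformation` is still called from the constructor, so its Javadoc should also say that subclass fields are not yet initialised when it runs.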
|
||||
|