From 2f2b054b7aa38e939bbae1dfde1b61a21b6347c5 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Thu, 15 Jul 2004 23:27:59 +0000 Subject: [PATCH] Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson). --- changelog.txt | 1 + contributors.txt | 7 ++ .../ui/AbstractIntegrationFilter.java | 119 ++++++++++-------- 3 files changed, 76 insertions(+), 51 deletions(-) diff --git a/changelog.txt b/changelog.txt index 1e41d387f0..b324729fc1 100644 --- a/changelog.txt +++ b/changelog.txt @@ -12,6 +12,7 @@ Changes in version 0.6 (2004-xx-xx) * Improved test coverage (now 98.3%) * Fixed Linux compatibility issues (directory case sensitivity etc) * Fixed AbstractProcessingFilter to handle servlet spec container differences +* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue * Fixed CasAuthenticationToken if proxy granting ticket callback not requested * Documentation improvements diff --git a/contributors.txt b/contributors.txt index cad5892abd..2e7702050c 100644 --- a/contributors.txt +++ b/contributors.txt @@ -20,4 +20,11 @@ contributions to the Acegi Security System for Spring project: public automated Maven build at the Monkey Machine (http://www.monkeymachine.co.uk/acegi). +* Patrick Burleson contributed a patch for Weblogic support. + +* Anyone else I've forgotten (please let me know so I can correct this). + +Plus of course all the people who use the project and provide feedback, bug +reports, suggestions and help fellow users. + $Id$ diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java index c429f667e2..37d332281d 100644 --- a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java @@ -67,8 +67,14 @@ import javax.servlet.ServletResponse; * SecureContext}, one will be created. The created object will be of the * instance defined by the {@link #setSecureContext(Class)} method. *

+ * + *

+ * This filter will only execute once per request, to resolve servlet container + * (specifically Weblogic) incompatibilities. + *

* * @author Ben Alex + * @author Patrick Burleson * @version $Id$ */ public abstract class AbstractIntegrationFilter implements InitializingBean, @@ -76,6 +82,7 @@ public abstract class AbstractIntegrationFilter implements InitializingBean, //~ Static fields/initializers ============================================= protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class); + private static final String FILTER_APPLIED = "__acegi_integration_fitlerapplied"; //~ Instance fields ======================================================== @@ -114,68 +121,78 @@ public abstract class AbstractIntegrationFilter implements InitializingBean, public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - // Populate authentication information - Object extracted = this.extractFromContainer(request); - - if (extracted instanceof Authentication) { - if (logger.isDebugEnabled()) { - logger.debug( - "Authentication added to ContextHolder from container"); + if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) { + // ensure that filter is only applied once per request + chain.doFilter(request, response); + } else { + if (request != null) { + request.setAttribute(FILTER_APPLIED, Boolean.TRUE); } - Authentication auth = (Authentication) extracted; + // Populate authentication information + Object extracted = this.extractFromContainer(request); - // Get or create existing SecureContext - SecureContext sc = null; - - if ((ContextHolder.getContext() == null) - || !(ContextHolder.getContext() instanceof SecureContext)) { - try { - sc = (SecureContext) this.secureContext.newInstance(); - } catch (InstantiationException ie) { - throw new ServletException(ie); - } catch (IllegalAccessException iae) { - throw new ServletException(iae); + if (extracted instanceof Authentication) { + if (logger.isDebugEnabled()) { + logger.debug( + "Authentication added to ContextHolder from container"); } + + Authentication auth = (Authentication) extracted; + + // Get or create existing SecureContext + SecureContext sc = null; + + if ((ContextHolder.getContext() == null) + || !(ContextHolder.getContext() instanceof SecureContext)) { + try { + sc = (SecureContext) this.secureContext.newInstance(); + } catch (InstantiationException ie) { + throw new ServletException(ie); + } catch (IllegalAccessException iae) { + throw new ServletException(iae); + } + } else { + sc = (SecureContext) ContextHolder.getContext(); + } + + // Add Authentication to SecureContext, and save + sc.setAuthentication(auth); + ContextHolder.setContext((Context) sc); } else { - sc = (SecureContext) ContextHolder.getContext(); + if (logger.isDebugEnabled()) { + logger.debug( + "Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)"); + } } - // Add Authentication to SecureContext, and save - sc.setAuthentication(auth); - ContextHolder.setContext((Context) sc); - } else { - if (logger.isDebugEnabled()) { - logger.debug( - "Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)"); - } - } + // Proceed with chain + chain.doFilter(request, response); - // Proceed with chain - chain.doFilter(request, response); + // Remove authentication information + if ((ContextHolder.getContext() != null) + && ContextHolder.getContext() instanceof SecureContext) { + if (logger.isDebugEnabled()) { + logger.debug( + "Updating container with new Authentication object, and then removing Authentication from ContextHolder"); + } - // Remove authentication information - if ((ContextHolder.getContext() != null) - && ContextHolder.getContext() instanceof SecureContext) { - if (logger.isDebugEnabled()) { - logger.debug( - "Updating container with new Authentication object, and then removing Authentication from ContextHolder"); - } + // Get context holder + SecureContext secureContext = (SecureContext) ContextHolder + .getContext(); - // Get context holder - SecureContext secureContext = (SecureContext) ContextHolder - .getContext(); + // Update container with new Authentication object (may have been updated during method invocation) + this.commitToContainer(request, + secureContext.getAuthentication()); - // Update container with new Authentication object (may have been updated during method invocation) - this.commitToContainer(request, secureContext.getAuthentication()); - - // Remove authentication information from ContextHolder - secureContext.setAuthentication(null); - ContextHolder.setContext((Context) secureContext); - } else { - if (logger.isDebugEnabled()) { - logger.debug( - "ContextHolder does not contain any authentication information"); + // Remove authentication information from ContextHolder + secureContext.setAuthentication(null); + ContextHolder.setContext((Context) secureContext); + } else { + if (logger.isDebugEnabled()) { + logger.debug( + "ContextHolder does not contain any authentication information"); + } } } }