Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-15 00:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson).

Browse Source
This commit is contained in:
Ben Alex 2004-07-15 23:27:59 +00:00
parent e3be8f20bb
commit 2f2b054b7a
3 changed files with 76 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.txt
View File

@ -12,6 +12,7 @@ Changes in version 0.6 (2004-xx-xx)
* Improved test coverage (now 98.3%) * Improved test coverage (now 98.3%)
* Fixed Linux compatibility issues (directory case sensitivity etc) * Fixed Linux compatibility issues (directory case sensitivity etc)
* Fixed AbstractProcessingFilter to handle servlet spec container differences * Fixed AbstractProcessingFilter to handle servlet spec container differences
* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue
* Fixed CasAuthenticationToken if proxy granting ticket callback not requested * Fixed CasAuthenticationToken if proxy granting ticket callback not requested
* Documentation improvements * Documentation improvements

7
contributors.txt
View File

@ -20,4 +20,11 @@ contributions to the Acegi Security System for Spring project:
public automated Maven build at the Monkey Machine public automated Maven build at the Monkey Machine
(http://www.monkeymachine.co.uk/acegi). (http://www.monkeymachine.co.uk/acegi).
* Patrick Burleson contributed a patch for Weblogic support.
* Anyone else I've forgotten (please let me know so I can correct this).
Plus of course all the people who use the project and provide feedback, bug
reports, suggestions and help fellow users.
$Id$ $Id$

119
core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java
View File

@ -67,8 +67,14 @@ import javax.servlet.ServletResponse;
* SecureContext}, one will be created. The created object will be of the * SecureContext}, one will be created. The created object will be of the
* instance defined by the {@link #setSecureContext(Class)} method. * instance defined by the {@link #setSecureContext(Class)} method.
* </p> * </p>
*
* <P>
* This filter will only execute once per request, to resolve servlet container
* (specifically Weblogic) incompatibilities.
* </p>
* *
* @author Ben Alex * @author Ben Alex
* @author Patrick Burleson
* @version $Id$ * @version $Id$
*/ */
public abstract class AbstractIntegrationFilter implements InitializingBean, public abstract class AbstractIntegrationFilter implements InitializingBean,
@ -76,6 +82,7 @@ public abstract class AbstractIntegrationFilter implements InitializingBean,
//~ Static fields/initializers ============================================= //~ Static fields/initializers =============================================
protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class); protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class);
private static final String FILTER_APPLIED = "__acegi_integration_fitlerapplied";
//~ Instance fields ======================================================== //~ Instance fields ========================================================
@ -114,68 +121,78 @@ public abstract class AbstractIntegrationFilter implements InitializingBean,
public void doFilter(ServletRequest request, ServletResponse response, public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException { FilterChain chain) throws IOException, ServletException {
// Populate authentication information if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
Object extracted = this.extractFromContainer(request); // ensure that filter is only applied once per request
chain.doFilter(request, response);
if (extracted instanceof Authentication) { } else {
if (logger.isDebugEnabled()) { if (request != null) {
logger.debug( request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
"Authentication added to ContextHolder from container");
} }
Authentication auth = (Authentication) extracted; // Populate authentication information
Object extracted = this.extractFromContainer(request);
// Get or create existing SecureContext if (extracted instanceof Authentication) {
SecureContext sc = null; if (logger.isDebugEnabled()) {
logger.debug(
if ((ContextHolder.getContext() == null) "Authentication added to ContextHolder from container");
|| !(ContextHolder.getContext() instanceof SecureContext)) {
try {
sc = (SecureContext) this.secureContext.newInstance();
} catch (InstantiationException ie) {
throw new ServletException(ie);
} catch (IllegalAccessException iae) {
throw new ServletException(iae);
} }
Authentication auth = (Authentication) extracted;
// Get or create existing SecureContext
SecureContext sc = null;
if ((ContextHolder.getContext() == null)
|| !(ContextHolder.getContext() instanceof SecureContext)) {
try {
sc = (SecureContext) this.secureContext.newInstance();
} catch (InstantiationException ie) {
throw new ServletException(ie);
} catch (IllegalAccessException iae) {
throw new ServletException(iae);
}
} else {
sc = (SecureContext) ContextHolder.getContext();
}
// Add Authentication to SecureContext, and save
sc.setAuthentication(auth);
ContextHolder.setContext((Context) sc);
} else { } else {
sc = (SecureContext) ContextHolder.getContext(); if (logger.isDebugEnabled()) {
logger.debug(
"Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)");
}
} }
// Add Authentication to SecureContext, and save // Proceed with chain
sc.setAuthentication(auth); chain.doFilter(request, response);
ContextHolder.setContext((Context) sc);
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)");
}
}
// Proceed with chain // Remove authentication information
chain.doFilter(request, response); if ((ContextHolder.getContext() != null)
&& ContextHolder.getContext() instanceof SecureContext) {
if (logger.isDebugEnabled()) {
logger.debug(
"Updating container with new Authentication object, and then removing Authentication from ContextHolder");
}
// Remove authentication information // Get context holder
if ((ContextHolder.getContext() != null) SecureContext secureContext = (SecureContext) ContextHolder
&& ContextHolder.getContext() instanceof SecureContext) { .getContext();
if (logger.isDebugEnabled()) {
logger.debug(
"Updating container with new Authentication object, and then removing Authentication from ContextHolder");
}
// Get context holder // Update container with new Authentication object (may have been updated during method invocation)
SecureContext secureContext = (SecureContext) ContextHolder this.commitToContainer(request,
.getContext(); secureContext.getAuthentication());
// Update container with new Authentication object (may have been updated during method invocation) // Remove authentication information from ContextHolder
this.commitToContainer(request, secureContext.getAuthentication()); secureContext.setAuthentication(null);
ContextHolder.setContext((Context) secureContext);
// Remove authentication information from ContextHolder } else {
secureContext.setAuthentication(null); if (logger.isDebugEnabled()) {
ContextHolder.setContext((Context) secureContext); logger.debug(
} else { "ContextHolder does not contain any authentication information");
if (logger.isDebugEnabled()) { }
logger.debug(
"ContextHolder does not contain any authentication information");
} }
} }
} }