Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-01 00:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve debug output.

Browse Source
This commit is contained in:
Ben Alex 2005-11-03 06:51:30 +00:00
parent 2cbe42f493
commit 3811200599
1 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
View File

@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package net.sf.acegisecurity.context; package net.sf.acegisecurity.context;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -96,9 +97,14 @@ import javax.servlet.http.HttpSession;
*/ */
public class HttpSessionContextIntegrationFilter implements InitializingBean, public class HttpSessionContextIntegrationFilter implements InitializingBean,
Filter { Filter {
//~ Static fields/initializers =============================================
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class); protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
private static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied"; private static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT"; public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
//~ Instance fields ========================================================
private Class context = SecurityContextImpl.class; private Class context = SecurityContextImpl.class;
private Object contextObject; private Object contextObject;
@ -109,6 +115,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
*/ */
private boolean allowSessionCreation = true; private boolean allowSessionCreation = true;
//~ Methods ================================================================
public void setAllowSessionCreation(boolean allowSessionCreation) { public void setAllowSessionCreation(boolean allowSessionCreation) {
this.allowSessionCreation = allowSessionCreation; this.allowSessionCreation = allowSessionCreation;
} }
@ -126,10 +134,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
} }
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
if ((this.context == null) || if ((this.context == null)
(!SecurityContext.class.isAssignableFrom(this.context))) { || (!SecurityContext.class.isAssignableFrom(this.context))) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"context must be defined and implement SecurityContext (typically use net.sf.acegisecurity.context.SecurityContextImpl)"); "context must be defined and implement SecurityContext (typically use net.sf.acegisecurity.context.SecurityContextImpl; existing class is "
+ this.context + ")");
} }
this.contextObject = generateNewContext(); this.contextObject = generateNewContext();
@ -138,13 +147,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
/** /**
* Does nothing. We use IoC container lifecycle services instead. * Does nothing. We use IoC container lifecycle services instead.
*/ */
public void destroy() { public void destroy() {}
}
public void doFilter(ServletRequest request, ServletResponse response, public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException { FilterChain chain) throws IOException, ServletException {
if ((request != null) && if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
(request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request // ensure that filter is only applied once per request
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
@ -157,8 +164,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
try { try {
httpSession = ((HttpServletRequest) request).getSession(false); httpSession = ((HttpServletRequest) request).getSession(false);
} catch (IllegalStateException ignored) { } catch (IllegalStateException ignored) {}
}
if (httpSession != null) { if (httpSession != null) {
httpSessionExistedAtStartOfRequest = true; httpSessionExistedAtStartOfRequest = true;
@ -169,17 +175,17 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
if (contextFromSessionObject instanceof SecurityContext) { if (contextFromSessionObject instanceof SecurityContext) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug( logger.debug(
"Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '" + "Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '"
contextFromSessionObject + "'"); + contextFromSessionObject + "'");
} }
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject); SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
} else { } else {
if (logger.isWarnEnabled()) { if (logger.isWarnEnabled()) {
logger.warn( logger.warn(
"ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '" + "ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
contextFromSessionObject + + contextFromSessionObject
"'; are you improperly modifying the HttpSession directly (you should always use SecurityContextHolder) or using the HttpSession attribute reserved for this class? - new SecurityContext instance associated with SecurityContextHolder"); + "'; are you improperly modifying the HttpSession directly (you should always use SecurityContextHolder) or using the HttpSession attribute reserved for this class? - new SecurityContext instance associated with SecurityContextHolder");
} }
SecurityContextHolder.setContext(generateNewContext()); SecurityContextHolder.setContext(generateNewContext());
@ -221,11 +227,9 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
// Store context back to HttpSession // Store context back to HttpSession
try { try {
httpSession = ((HttpServletRequest) request).getSession(false); httpSession = ((HttpServletRequest) request).getSession(false);
} catch (IllegalStateException ignored) { } catch (IllegalStateException ignored) {}
}
if ((httpSession == null) && if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
httpSessionExistedAtStartOfRequest) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug( logger.debug(
"HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session"); "HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
@ -233,8 +237,8 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
} }
// Generate a HttpSession only if we need to // Generate a HttpSession only if we need to
if ((httpSession == null) && if ((httpSession == null)
!httpSessionExistedAtStartOfRequest) { && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) { if (!allowSessionCreation) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug( logger.debug(
@ -248,29 +252,29 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
} }
try { try {
httpSession = ((HttpServletRequest) request).getSession(true); httpSession = ((HttpServletRequest) request)
} catch (IllegalStateException ignored) { .getSession(true);
} } catch (IllegalStateException ignored) {}
} else { } else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug( logger.debug(
"HttpSession is null, but SecurityContextHolder has not changed from default: ' " + "HttpSession is null, but SecurityContextHolder has not changed from default: ' "
SecurityContextHolder.getContext() + + SecurityContextHolder.getContext()
"'; not creating HttpSession or storing SecurityContextHolder contents"); + "'; not creating HttpSession or storing SecurityContextHolder contents");
} }
} }
} }
// If HttpSession exists, store current SecurityContextHolder contents // If HttpSession exists, store current SecurityContextHolder contents
// but only if SecurityContext has actually changed (see JIRA SEC-37) // but only if SecurityContext has actually changed (see JIRA SEC-37)
if ((httpSession != null) && if ((httpSession != null)
(SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) { && (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,
SecurityContextHolder.getContext()); SecurityContextHolder.getContext());
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("SecurityContext stored to HttpSession: '" + logger.debug("SecurityContext stored to HttpSession: '"
SecurityContextHolder.getContext() + "'"); + SecurityContextHolder.getContext() + "'");
} }
} }
@ -302,6 +306,5 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean,
* *
* @throws ServletException ignored * @throws ServletException ignored
*/ */
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {}
}
} }