Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-13 22:03:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.

Browse Source
This commit is contained in:
Luke Taylor 2007-08-28 18:26:04 +00:00
parent 6fe00b3433
commit 6651a240de
1 changed files with 268 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
View File

@ -36,8 +36,8 @@ import org.springframework.util.ReflectionUtils;
/** /**
* Populates the {@link SecurityContextHolder} with information obtained from * Populates the {@link SecurityContextHolder} with information obtained from
* the <code>HttpSession</code>. * the <code>HttpSession</code>.
* * <p/>
* <p> * <p/>
* The <code>HttpSession</code> will be queried to retrieve the * The <code>HttpSession</code> will be queried to retrieve the
* <code>SecurityContext</code> that should be stored against the * <code>SecurityContext</code> that should be stored against the
* <code>SecurityContextHolder</code> for the duration of the web request. At * <code>SecurityContextHolder</code> for the duration of the web request. At
@ -45,7 +45,7 @@ import org.springframework.util.ReflectionUtils;
* <code>SecurityContextHolder</code> will be persisted back to the * <code>SecurityContextHolder</code> will be persisted back to the
* <code>HttpSession</code> by this filter. * <code>HttpSession</code> by this filter.
* </p> * </p>
* <p> * <p/>
* If a valid <code>SecurityContext</code> cannot be obtained from the * If a valid <code>SecurityContext</code> cannot be obtained from the
* <code>HttpSession</code> for whatever reason, a fresh * <code>HttpSession</code> for whatever reason, a fresh
* <code>SecurityContext</code> will be created and used instead. The created * <code>SecurityContext</code> will be created and used instead. The created
@ -53,7 +53,7 @@ import org.springframework.util.ReflectionUtils;
* method (which defaults to {@link * method (which defaults to {@link
* org.acegisecurity.context.SecurityContextImpl}. * org.acegisecurity.context.SecurityContextImpl}.
* </p> * </p>
* <p> * <p/>
* No <code>HttpSession</code> will be created by this filter if one does not * No <code>HttpSession</code> will be created by this filter if one does not
* already exist. If at the end of the web request the <code>HttpSession</code> * already exist. If at the end of the web request the <code>HttpSession</code>
* does not exist, a <code>HttpSession</code> will <b>only</b> be created if * does not exist, a <code>HttpSession</code> will <b>only</b> be created if
@ -67,11 +67,11 @@ import org.springframework.util.ReflectionUtils;
* irrespective of normal session-minimisation logic (the default is * irrespective of normal session-minimisation logic (the default is
* <code>false</code>, as this is resource intensive and not recommended). * <code>false</code>, as this is resource intensive and not recommended).
* </p> * </p>
* <p> * <p/>
* This filter will only execute once per request, to resolve servlet container * This filter will only execute once per request, to resolve servlet container
* (specifically Weblogic) incompatibilities. * (specifically Weblogic) incompatibilities.
* </p> * </p>
* <p> * <p/>
* If for whatever reason no <code>HttpSession</code> should <b>ever</b> be * If for whatever reason no <code>HttpSession</code> should <b>ever</b> be
* created (eg this filter is only being used with Basic authentication or * created (eg this filter is only being used with Basic authentication or
* similar clients that will never present the same <code>jsessionid</code> * similar clients that will never present the same <code>jsessionid</code>
@ -84,7 +84,7 @@ import org.springframework.util.ReflectionUtils;
* <code>true</code> (setting it to <code>false</code> will cause a startup * <code>true</code> (setting it to <code>false</code> will cause a startup
* time error). * time error).
* </p> * </p>
* <p> * <p/>
* This filter MUST be executed BEFORE any authentication processing mechanisms. * This filter MUST be executed BEFORE any authentication processing mechanisms.
* Authentication processing mechanisms (eg BASIC, CAS processing filters etc) * Authentication processing mechanisms (eg BASIC, CAS processing filters etc)
* expect the <code>SecurityContextHolder</code> to contain a valid * expect the <code>SecurityContextHolder</code> to contain a valid
@ -192,12 +192,13 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException { ServletException {
boolean filterApplied = false;
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) { if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request // ensure that filter is only applied once per request
chain.doFilter(request, response); chain.doFilter(request, response);
return;
} }
else {
HttpSession httpSession = null; HttpSession httpSession = null;
boolean httpSessionExistedAtStartOfRequest = false; boolean httpSessionExistedAtStartOfRequest = false;
@ -236,8 +237,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
} }
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject); SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
} } else {
else {
if (logger.isWarnEnabled()) { if (logger.isWarnEnabled()) {
logger logger
.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '" .warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
@ -250,8 +250,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
SecurityContextHolder.setContext(generateNewContext()); SecurityContextHolder.setContext(generateNewContext());
} }
} } else {
else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new " logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+ "SecurityContext instance associated with SecurityContextHolder"); + "SecurityContext instance associated with SecurityContextHolder");
@ -259,8 +258,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
SecurityContextHolder.setContext(generateNewContext()); SecurityContextHolder.setContext(generateNewContext());
} }
} } else {
else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("No HttpSession currently exists - new SecurityContext instance " logger.debug("No HttpSession currently exists - new SecurityContext instance "
+ "associated with SecurityContextHolder"); + "associated with SecurityContextHolder");
@ -276,10 +274,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
// Proceed with chain // Proceed with chain
int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode(); int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode();
boolean filterApplied = true;
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
try { try {
filterApplied = true;
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
chain.doFilter(request, response); chain.doFilter(request, response);
} catch (IOException ioe) { } catch (IOException ioe) {
throw ioe; throw ioe;
@ -312,8 +311,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
+ "(because the allowSessionCreation property is false) - SecurityContext thus not " + "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request"); + "stored for next request");
} }
} } else if (!contextObject.equals(SecurityContextHolder.getContext())) {
else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default"); logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
} }
@ -323,8 +321,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
} }
catch (IllegalStateException ignored) { catch (IllegalStateException ignored) {
} }
} } else {
else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' " .debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
@ -360,7 +357,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
} }
} }
} }
}
public SecurityContext generateNewContext() throws ServletException { public SecurityContext generateNewContext() throws ServletException {
try { try {
@ -382,7 +378,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
* Does nothing. We use IoC container lifecycle services instead. * Does nothing. We use IoC container lifecycle services instead.
* *
* @param filterConfig ignored * @param filterConfig ignored
*
* @throws ServletException ignored * @throws ServletException ignored
*/ */
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {