Replaced massive if/else with guard clause to reduce nesting. Moved declaration of filterApplied boolean to where it is actually set. It is only used when removing the attribute from the request at the end of the invocation, so should probably not be needed at all. request.removeAttribute() can be called regardless of whether the attribute is set or not.
parent
6fe00b3433
commit
6651a240de
|
@ -36,8 +36,8 @@ import org.springframework.util.ReflectionUtils;
|
|||
/**
|
||||
* Populates the {@link SecurityContextHolder} with information obtained from
|
||||
* the <code>HttpSession</code>.
|
||||
*
|
||||
* <p>
|
||||
* <p/>
|
||||
* <p/>
|
||||
* The <code>HttpSession</code> will be queried to retrieve the
|
||||
* <code>SecurityContext</code> that should be stored against the
|
||||
* <code>SecurityContextHolder</code> for the duration of the web request. At
|
||||
|
@ -45,7 +45,7 @@ import org.springframework.util.ReflectionUtils;
|
|||
* <code>SecurityContextHolder</code> will be persisted back to the
|
||||
* <code>HttpSession</code> by this filter.
|
||||
* </p>
|
||||
* <p>
|
||||
* <p/>
|
||||
* If a valid <code>SecurityContext</code> cannot be obtained from the
|
||||
* <code>HttpSession</code> for whatever reason, a fresh
|
||||
* <code>SecurityContext</code> will be created and used instead. The created
|
||||
|
@ -53,7 +53,7 @@ import org.springframework.util.ReflectionUtils;
|
|||
* method (which defaults to {@link
|
||||
* org.acegisecurity.context.SecurityContextImpl}.
|
||||
* </p>
|
||||
* <p>
|
||||
* <p/>
|
||||
* No <code>HttpSession</code> will be created by this filter if one does not
|
||||
* already exist. If at the end of the web request the <code>HttpSession</code>
|
||||
* does not exist, a <code>HttpSession</code> will <b>only</b> be created if
|
||||
|
@ -67,11 +67,11 @@ import org.springframework.util.ReflectionUtils;
|
|||
* irrespective of normal session-minimisation logic (the default is
|
||||
* <code>false</code>, as this is resource intensive and not recommended).
|
||||
* </p>
|
||||
* <p>
|
||||
* <p/>
|
||||
* This filter will only execute once per request, to resolve servlet container
|
||||
* (specifically Weblogic) incompatibilities.
|
||||
* </p>
|
||||
* <p>
|
||||
* <p/>
|
||||
* If for whatever reason no <code>HttpSession</code> should <b>ever</b> be
|
||||
* created (eg this filter is only being used with Basic authentication or
|
||||
* similar clients that will never present the same <code>jsessionid</code>
|
||||
|
@ -84,7 +84,7 @@ import org.springframework.util.ReflectionUtils;
|
|||
* <code>true</code> (setting it to <code>false</code> will cause a startup
|
||||
* time error).
|
||||
* </p>
|
||||
* <p>
|
||||
* <p/>
|
||||
* This filter MUST be executed BEFORE any authentication processing mechanisms.
|
||||
* Authentication processing mechanisms (eg BASIC, CAS processing filters etc)
|
||||
* expect the <code>SecurityContextHolder</code> to contain a valid
|
||||
|
@ -192,12 +192,13 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
boolean filterApplied = false;
|
||||
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
|
||||
// ensure that filter is only applied once per request
|
||||
chain.doFilter(request, response);
|
||||
|
||||
return;
|
||||
}
|
||||
else {
|
||||
|
||||
HttpSession httpSession = null;
|
||||
boolean httpSessionExistedAtStartOfRequest = false;
|
||||
|
||||
|
@ -236,8 +237,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
}
|
||||
|
||||
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (logger.isWarnEnabled()) {
|
||||
logger
|
||||
.warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
|
||||
|
@ -250,8 +250,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
|
||||
SecurityContextHolder.setContext(generateNewContext());
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
|
||||
+ "SecurityContext instance associated with SecurityContextHolder");
|
||||
|
@ -259,8 +258,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
|
||||
SecurityContextHolder.setContext(generateNewContext());
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("No HttpSession currently exists - new SecurityContext instance "
|
||||
+ "associated with SecurityContextHolder");
|
||||
|
@ -276,10 +274,11 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
|
||||
// Proceed with chain
|
||||
int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode();
|
||||
boolean filterApplied = true;
|
||||
|
||||
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
|
||||
|
||||
try {
|
||||
filterApplied = true;
|
||||
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
|
||||
chain.doFilter(request, response);
|
||||
} catch (IOException ioe) {
|
||||
throw ioe;
|
||||
|
@ -312,8 +311,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
|
||||
+ "stored for next request");
|
||||
}
|
||||
}
|
||||
else if (!contextObject.equals(SecurityContextHolder.getContext())) {
|
||||
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
|
||||
}
|
||||
|
@ -323,8 +321,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
}
|
||||
catch (IllegalStateException ignored) {
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger
|
||||
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
|
||||
|
@ -360,7 +357,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public SecurityContext generateNewContext() throws ServletException {
|
||||
try {
|
||||
|
@ -382,7 +378,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
|
|||
* Does nothing. We use IoC container lifecycle services instead.
|
||||
*
|
||||
* @param filterConfig ignored
|
||||
*
|
||||
* @throws ServletException ignored
|
||||
*/
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
|
|
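Review bot: In the `-276,10 +274,11` hunk, `request.setAttribute(FILTER_APPLIED, Boolean.TRUE);` appears to have moved from inside `try {` to just before it, so the `finally` cleanup no longer covers that statement. The `finally` block lies between the visible hunks, so this is inferred: if that block is where the thread-bound `SecurityContext` is reset, an exception thrown after the earlier `SecurityContextHolder.setContext(...)` calls but before `try` would leave one request's context on a pooled thread. Opening the `try` directly after the context is populated would close that gap. Since `boolean filterApplied = true;` is now a constant, it could also be dropped in favour of an unconditional `request.removeAttribute(FILTER_APPLIED);` in `finally`, as the commit message itself suggests. Separately, the guard still tests `request != null` but a null request now falls through to `request.setAttribute(...)`, so either remove the null test or return early on it.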