Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 04:52:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.

Browse Source
This commit is contained in:
Luke Taylor 2005-11-23 16:09:44 +00:00
parent 58922e666a
commit 7847af2664
2 changed files with 32 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/src/main/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocation.java
View File

@ -117,7 +117,11 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
+ securityContext); + securityContext);
} }
Object result = super.invoke(targetObject); try {
return super.invoke(targetObject);
} finally {
SecurityContextHolder.setContext(new SecurityContextImpl()); SecurityContextHolder.setContext(new SecurityContextImpl());
@ -125,7 +129,6 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
logger.debug( logger.debug(
"Set SecurityContext to new instance of SecurityContextImpl"); "Set SecurityContext to new instance of SecurityContextImpl");
} }
}
return result;
} }
} }

22
core/src/test/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocationTests.java
View File

@ -85,6 +85,28 @@ public class ContextPropagatingRemoteInvocationTests extends TestCase {
remoteInvocation.invoke(new TargetObject())); remoteInvocation.invoke(new TargetObject()));
} }
public void testContextIsResetEvenIfExceptionOccurs() throws Exception {
// Setup client-side context
Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("marissa",
"koala");
SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
try {
// Set up the wrong arguments.
remoteInvocation.setArguments(new Object[] {});
remoteInvocation.invoke(TargetObject.class.newInstance());
fail("Expected IllegalArgumentException");
} catch(IllegalArgumentException e) {
// expected
}
assertNull("Authentication must be null ", SecurityContextHolder.getContext().getAuthentication());
}
private ContextPropagatingRemoteInvocation getRemoteInvocation() private ContextPropagatingRemoteInvocation getRemoteInvocation()
throws Exception { throws Exception {
Class clazz = TargetObject.class; Class clazz = TargetObject.class;