Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.

Luke Taylor 2005-11-23 16:09:44 +00:00
parent 58922e666a
commit 7847af2664
2 changed files with 32 additions and 7 deletions


@ -117,15 +117,18 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
+ securityContext); + securityContext);
} }
Object result = super.invoke(targetObject); try {
SecurityContextHolder.setContext(new SecurityContextImpl()); return super.invoke(targetObject);
if (logger.isDebugEnabled()) { } finally {
logger.debug(
"Set SecurityContext to new instance of SecurityContextImpl"); SecurityContextHolder.setContext(new SecurityContextImpl());
if (logger.isDebugEnabled()) {
logger.debug(
"Set SecurityContext to new instance of SecurityContextImpl");
}
} }
return result;
} }
} }
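Review bot: The `try` opens only at `return super.invoke(targetObject);`, so the reset in `finally` does not cover the statements just above it, including the debug line ending in `+ securityContext);` that stringifies the propagated context. The point where the propagated context is placed in the holder is outside the hunk, so this is inferred, but if it happens before that debug line, an exception thrown there would still leave the caller's SecurityContext bound to the server thread, which is the leak this fix targets. Consider moving `try {` up so that it starts immediately before the holder is populated. A short comment on the `finally` would also record the intent, e.g. `// Always clear the thread-bound context so a reused thread cannot carry this caller's Authentication into the next invocation`.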


@ -85,6 +85,28 @@ public class ContextPropagatingRemoteInvocationTests extends TestCase {
remoteInvocation.invoke(new TargetObject())); remoteInvocation.invoke(new TargetObject()));
} }
public void testContextIsResetEvenIfExceptionOccurs() throws Exception {
// Setup client-side context
Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("marissa",
"koala");
SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
try {
// Set up the wrong arguments.
remoteInvocation.setArguments(new Object[] {});
remoteInvocation.invoke(TargetObject.class.newInstance());
fail("Expected IllegalArgumentException");
} catch(IllegalArgumentException e) {
// expected
}
assertNull("Authentication must be null ", SecurityContextHolder.getContext().getAuthentication());
}
private ContextPropagatingRemoteInvocation getRemoteInvocation() private ContextPropagatingRemoteInvocation getRemoteInvocation()
throws Exception { throws Exception {
Class clazz = TargetObject.class; Class clazz = TargetObject.class;
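Review bot: `testContextIsResetEvenIfExceptionOccurs` binds `clientSideAuthentication` to the thread-local `SecurityContextHolder` and does not clear it on its own failure paths. If `fail("Expected IllegalArgumentException")` fires or the final `assertNull` fails, the "marissa" authentication stays on the test thread and can skew the result of later tests. No `tearDown` is visible in this hunk, so this may already be handled elsewhere in the class; if not, reset the holder there with `SecurityContextHolder.setContext(new SecurityContextImpl());`. As a style point, the neighbouring test passes `new TargetObject()`, so `TargetObject.class.newInstance()` could be written the same way.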