SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.

Luke Taylor 2007-08-28 20:16:19 +00:00
parent 27ef2caf45
commit ba88214d1d
1 changed files with 60 additions and 50 deletions


@ -246,15 +246,41 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
/** /**
* Extracts the security context from the session (if available) and sets it on SecurityContextHolder. * Extracts the security context from the session (if available) and sets it on SecurityContextHolder.
* <p/>
* If the session is null, the context object is null or the context object stored in the session
* is not an instance of SecurityContext it will generate a new empty context and store this.
* *
* @param httpSession the session obtained from the request. * @param httpSession the session obtained from the request.
*/ */
private void populateSecurityContextFromSession(HttpSession httpSession) throws ServletException { private void populateSecurityContextFromSession(HttpSession httpSession) throws ServletException {
if (httpSession != null) { if (httpSession == null) {
if (logger.isDebugEnabled()) {
logger.debug("No HttpSession currently exists - new SecurityContext instance "
+ "associated with SecurityContextHolder");
}
SecurityContextHolder.setContext(generateNewContext());
return;
}
// Session exists, so try to obtain a context from it.
Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY); Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
if (contextFromSessionObject != null) { if (contextFromSessionObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+ "SecurityContext instance associated with SecurityContextHolder");
}
SecurityContextHolder.setContext(generateNewContext());
return;
}
// We now have the security context object from the session.
// Clone if required (see SEC-356) // Clone if required (see SEC-356)
if (cloneFromHttpSession) { if (cloneFromHttpSession) {
Assert.isInstanceOf(Cloneable.class, contextFromSessionObject, Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
@ -289,22 +315,6 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
+ "SecurityContextHolder"); + "SecurityContextHolder");
} }
SecurityContextHolder.setContext(generateNewContext());
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
+ "SecurityContext instance associated with SecurityContextHolder");
}
SecurityContextHolder.setContext(generateNewContext());
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("No HttpSession currently exists - new SecurityContext instance "
+ "associated with SecurityContextHolder");
}
SecurityContextHolder.setContext(generateNewContext()); SecurityContextHolder.setContext(generateNewContext());
} }
} }
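Review bot: The new Javadoc on populateSecurityContextFromSession() promises a fresh empty context when the stored object is not a SecurityContext, but with cloneFromHttpSession enabled the `Assert.isInstanceOf(Cloneable.class, contextFromSessionObject, ...)` call in the first hunk appears to run before that type check, so a non-Cloneable session attribute would raise an exception rather than fall back. The instanceof test itself lies between the two hunks and is not visible here, so this ordering is inferred from the comment order and the fallback branch at the start of the second hunk. Either document the exception, e.g. `* If cloneFromHttpSession is set and the stored object is not Cloneable, an IllegalArgumentException is thrown.`, or move the SecurityContext type check ahead of the clone step so an unexpected attribute always fails safe to an empty context. The phrase "store this" would also be more precise as `set this on the SecurityContextHolder`, since none of the visible lines write the new context back to the session.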