root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 19 Packages Projects Releases Wiki Activity

SEC-539: Extracted storeSecurityContextInSession() method.

This commit is contained in:
Luke Taylor 2007-08-28 19:54:24 +00:00
parent bcf69cbe3d
commit e8d11f28f2
1 changed files with 63 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
View File

@ -232,62 +232,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
finally { finally {
// do clean up, even if there was an exception // do clean up, even if there was an exception
// Store context back to HttpSession // Store context back to HttpSession
try { storeSecurityContextInSession(request, httpSessionExistedAtStartOfRequest, contextWhenChainProceeded);
httpSession = ((HttpServletRequest) request).getSession(false);
}
catch (IllegalStateException ignored) {
}
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession is now null, but was not null at start of request; "
+ "session was invalidated, so do not create a new session");
}
}
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
}
} else {
if (logger.isDebugEnabled()) {
logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
}
}
// If HttpSession exists, store current
// SecurityContextHolder contents but only if
// SecurityContext has
// actually changed (see JIRA SEC-37)
if ((httpSession != null)
&& (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext stored to HttpSession: '" + SecurityContextHolder.getContext()
+ "'");
}
}
if (filterApplied) { if (filterApplied) {
request.removeAttribute(FILTER_APPLIED); request.removeAttribute(FILTER_APPLIED);
@ -367,6 +312,68 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
} }
} }
private void storeSecurityContextInSession(ServletRequest request,
boolean httpSessionExistedAtStartOfRequest,
int contextWhenChainProceeded) {
HttpSession httpSession = null;
try {
httpSession = ((HttpServletRequest) request).getSession(false);
}
catch (IllegalStateException ignored) {
}
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession is now null, but was not null at start of request; "
+ "session was invalidated, so do not create a new session");
}
}
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
}
} else {
if (logger.isDebugEnabled()) {
logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
}
}
// If HttpSession exists, store current
// SecurityContextHolder contents but only if
// SecurityContext has
// actually changed (see JIRA SEC-37)
if ((httpSession != null)
&& (SecurityContextHolder.getContext().hashCode() != contextWhenChainProceeded)) {
httpSession.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext stored to HttpSession: '" + SecurityContextHolder.getContext()
+ "'");
}
}
}
public SecurityContext generateNewContext() throws ServletException { public SecurityContext generateNewContext() throws ServletException {
try { try {
return (SecurityContext) this.context.newInstance(); return (SecurityContext) this.context.newInstance();