diff --git a/changelog.txt b/changelog.txt
index de3a69d25b..438f2619e3 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -2,6 +2,7 @@ Changes in version 0.6 (2004-xx-xx)
-----------------------------------
* Added feature so DaoAuthenticationProvider returns User in Authentication
+* Added AbstractIntegrationFilter.secureContext property for custom contexts
* Refactored User to UserDetails interface
* Fixed Linux compatibility issues (directory case sensitivity etc)
* Fixed AbstractProcessingFilter to handle servlet spec container differences
diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java
index c428288d9e..c429f667e2 100644
--- a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java
@@ -24,6 +24,8 @@ import net.sf.acegisecurity.context.SecureContextImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.InitializingBean;
+
import java.io.IOException;
import javax.servlet.Filter;
@@ -59,17 +61,44 @@ import javax.servlet.ServletResponse;
* be obtained from the well-known location. It will simply continue the
* filter chain as normal.
*
+ *
+ *
+ * If the ContextHolder does not contain a valid {@link
+ * SecureContext}, one will be created. The created object will be of the
+ * instance defined by the {@link #setSecureContext(Class)} method.
+ *
*
* @author Ben Alex
* @version $Id$
*/
-public abstract class AbstractIntegrationFilter implements Filter {
+public abstract class AbstractIntegrationFilter implements InitializingBean,
+ Filter {
//~ Static fields/initializers =============================================
protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class);
+ //~ Instance fields ========================================================
+
+ private Class secureContext = SecureContextImpl.class;
+
//~ Methods ================================================================
+ public void setSecureContext(Class secureContext) {
+ this.secureContext = secureContext;
+ }
+
+ public Class getSecureContext() {
+ return secureContext;
+ }
+
+ public void afterPropertiesSet() throws Exception {
+ if ((this.secureContext == null)
+ || (!this.secureContext.isAssignableFrom(SecureContext.class))) {
+ throw new IllegalArgumentException(
+ "secureContext must be defined and implement SecureContext");
+ }
+ }
+
/**
* Writes a new Authentication object to the container's
* well-known location, if supported the subclass.
@@ -97,18 +126,24 @@ public abstract class AbstractIntegrationFilter implements Filter {
Authentication auth = (Authentication) extracted;
// Get or create existing SecureContext
- SecureContext secureContext = null;
+ SecureContext sc = null;
if ((ContextHolder.getContext() == null)
|| !(ContextHolder.getContext() instanceof SecureContext)) {
- secureContext = new SecureContextImpl();
+ try {
+ sc = (SecureContext) this.secureContext.newInstance();
+ } catch (InstantiationException ie) {
+ throw new ServletException(ie);
+ } catch (IllegalAccessException iae) {
+ throw new ServletException(iae);
+ }
} else {
- secureContext = (SecureContext) ContextHolder.getContext();
+ sc = (SecureContext) ContextHolder.getContext();
}
// Add Authentication to SecureContext, and save
- secureContext.setAuthentication(auth);
- ContextHolder.setContext((Context) secureContext);
+ sc.setAuthentication(auth);
+ ContextHolder.setContext((Context) sc);
} else {
if (logger.isDebugEnabled()) {
logger.debug(