From fe91639b15553688a5f8b22030b8bdef85d5433e Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Tue, 29 Jun 2004 23:28:59 +0000 Subject: [PATCH] Allow custom SecureContext implementations to be selected by user. --- changelog.txt | 1 + .../ui/AbstractIntegrationFilter.java | 47 ++++++++++++++++--- 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/changelog.txt b/changelog.txt index de3a69d25b..438f2619e3 100644 --- a/changelog.txt +++ b/changelog.txt @@ -2,6 +2,7 @@ Changes in version 0.6 (2004-xx-xx) ----------------------------------- * Added feature so DaoAuthenticationProvider returns User in Authentication +* Added AbstractIntegrationFilter.secureContext property for custom contexts * Refactored User to UserDetails interface * Fixed Linux compatibility issues (directory case sensitivity etc) * Fixed AbstractProcessingFilter to handle servlet spec container differences diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java index c428288d9e..c429f667e2 100644 --- a/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java @@ -24,6 +24,8 @@ import net.sf.acegisecurity.context.SecureContextImpl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.InitializingBean; + import java.io.IOException; import javax.servlet.Filter; @@ -59,17 +61,44 @@ import javax.servlet.ServletResponse; * be obtained from the well-known location. It will simply continue the * filter chain as normal. *

+ * + *

+ * If the ContextHolder does not contain a valid {@link + * SecureContext}, one will be created. The created object will be of the + * instance defined by the {@link #setSecureContext(Class)} method. + *

* * @author Ben Alex * @version $Id$ */ -public abstract class AbstractIntegrationFilter implements Filter { +public abstract class AbstractIntegrationFilter implements InitializingBean, + Filter { //~ Static fields/initializers ============================================= protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class); + //~ Instance fields ======================================================== + + private Class secureContext = SecureContextImpl.class; + //~ Methods ================================================================ + public void setSecureContext(Class secureContext) { + this.secureContext = secureContext; + } + + public Class getSecureContext() { + return secureContext; + } + + public void afterPropertiesSet() throws Exception { + if ((this.secureContext == null) + || (!this.secureContext.isAssignableFrom(SecureContext.class))) { + throw new IllegalArgumentException( + "secureContext must be defined and implement SecureContext"); + } + } + /** * Writes a new Authentication object to the container's * well-known location, if supported the subclass. @@ -97,18 +126,24 @@ public abstract class AbstractIntegrationFilter implements Filter { Authentication auth = (Authentication) extracted; // Get or create existing SecureContext - SecureContext secureContext = null; + SecureContext sc = null; if ((ContextHolder.getContext() == null) || !(ContextHolder.getContext() instanceof SecureContext)) { - secureContext = new SecureContextImpl(); + try { + sc = (SecureContext) this.secureContext.newInstance(); + } catch (InstantiationException ie) { + throw new ServletException(ie); + } catch (IllegalAccessException iae) { + throw new ServletException(iae); + } } else { - secureContext = (SecureContext) ContextHolder.getContext(); + sc = (SecureContext) ContextHolder.getContext(); } // Add Authentication to SecureContext, and save - secureContext.setAuthentication(auth); - ContextHolder.setContext((Context) secureContext); + sc.setAuthentication(auth); + ContextHolder.setContext((Context) sc); } else { if (logger.isDebugEnabled()) { logger.debug(