Allow custom SecureContext implementations to be selected by user.

changelog.txt

@@ -2,6 +2,7 @@ Changes in version 0.6 (2004-xx-xx)
 -----------------------------------
 
 * Added feature so DaoAuthenticationProvider returns User in Authentication
+* Added AbstractIntegrationFilter.secureContext property for custom contexts
 * Refactored User to UserDetails interface
 * Fixed Linux compatibility issues (directory case sensitivity etc)
 * Fixed AbstractProcessingFilter to handle servlet spec container differences

core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java

@@ -24,6 +24,8 @@ import net.sf.acegisecurity.context.SecureContextImpl;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.beans.factory.InitializingBean;
+
 import java.io.IOException;
 
 import javax.servlet.Filter;
@@ -60,16 +62,43 @@ import javax.servlet.ServletResponse;
  * filter chain as normal.
  * </p>
  * 
+ * <p>
+ * If the <code>ContextHolder</code> does not contain a valid {@link
+ * SecureContext}, one will be created. The created object will be of the
+ * instance defined by the {@link #setSecureContext(Class)} method.
+ * </p>
+ *
  * @author Ben Alex
  * @version $Id$
  */
-public abstract class AbstractIntegrationFilter implements Filter {
+public abstract class AbstractIntegrationFilter implements InitializingBean,
+    Filter {
     //~ Static fields/initializers =============================================
 
     protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class);
 
+    //~ Instance fields ========================================================
+
+    private Class secureContext = SecureContextImpl.class;
+
     //~ Methods ================================================================
 
+    public void setSecureContext(Class secureContext) {
+        this.secureContext = secureContext;
+    }
+
+    public Class getSecureContext() {
+        return secureContext;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        if ((this.secureContext == null)
+            || (!this.secureContext.isAssignableFrom(SecureContext.class))) {
+            throw new IllegalArgumentException(
+                "secureContext must be defined and implement SecureContext");
+        }
+    }
+
     /**
      * Writes a new <code>Authentication</code> object to the container's
      * well-known location, if supported the subclass.
@@ -97,18 +126,24 @@ public abstract class AbstractIntegrationFilter implements Filter {
             Authentication auth = (Authentication) extracted;
 
             // Get or create existing SecureContext
-            SecureContext secureContext = null;
+            SecureContext sc = null;
 
             if ((ContextHolder.getContext() == null)
                 || !(ContextHolder.getContext() instanceof SecureContext)) {
-                secureContext = new SecureContextImpl();
+                try {
+                    sc = (SecureContext) this.secureContext.newInstance();
+                } catch (InstantiationException ie) {
+                    throw new ServletException(ie);
+                } catch (IllegalAccessException iae) {
+                    throw new ServletException(iae);
+                }
             } else {
-                secureContext = (SecureContext) ContextHolder.getContext();
+                sc = (SecureContext) ContextHolder.getContext();
             }
 
             // Add Authentication to SecureContext, and save
-            secureContext.setAuthentication(auth);
+            sc.setAuthentication(auth);
-            ContextHolder.setContext((Context) secureContext);
+            ContextHolder.setContext((Context) sc);
         } else {
             if (logger.isDebugEnabled()) {
                 logger.debug(