Hi everyone,
I'm still not confident with this bug since it introduces a major change in
context initialization; my implementation introduces a
SecurityContextFactory and all ContextHolderStrategy implementation (that
now use this factory).
I think there is no API break but these new features may have side effects,
I need help on this.
Attached : the current SecurityContextFactory (not commited) code.
ContextHolderStrategy update :
>From :
public SecurityContext getContext() {
if (contextHolder.get() == null) {
contextHolder.set(new SecurityContextImpl());
}
return (SecurityContext) contextHolder.get();
}
To :
public SecurityContext getContext() {
if (contextHolder.get() == null) {
contextHolder.set(SecurityContextFactory.newSecurityContext());
}
return (SecurityContext) contextHolder.get();
}
Sorry for the delay, I'm under pressure here.
Best Regards
MAG
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Ben Alex
> Sent: vendredi 15 septembre 2006 11:08
> To: [email protected]
> Subject: Re: [Acegisecurity-developer] Releasing 1.0.2
>
> marc antoine garrigue wrote:
>
> > May I commit the SEC-304 fix code before 1.0.2 release?
>
> This change is in a sensitive area of code. You can commit provided that
> it does not change the API or break backward compatibility for existing
> 1.0.x stream users or unit tests. I'll also take a look before release
> (please assign the task back to me when you've committed the changes).
>
> >>> I have just been through JIRA and looked at all bugs. I've moved all
> but
> >>> one bug to release 1.0.2 (the one being ignored because it's more a
> >>> low-impact known limitation than an actual bug). We need to get these
> >>> bugs quashed before 1.0.2 goes out.
>
> I have today closed all my 1.0.2 assigned issues, or they are awaiting
> feedback from the issue reporter.
>
> Could other developers please finalize their 1.0.2-related tasks (see
> http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa)
> .
>
> Luke, I noticed nightly snapshots aren't working
> (http://acegisecurity.sourceforge.net/nightly/) and the last site build
> was 29 August 2006. Would you please have a look, as it would be good to
> provide end users with snapshots that they can try out before 1.0.2 is
> finally released.
>
> Cheers
> Ben
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.acegisecurity.context;
import org.springframework.util.ReflectionUtils;
/**
* Central class responsible for new SecurityContext creation. If you plan to use of a custom SecurityContext
* implementation, you should configure this class, there is two ways for doing this :
*
* <ul>
* <li>
* By setting a system property <code>acegi.security.context</code> to the target fully SecurityContext implementation
* class name
* </li>
* <li>
* By calling the [EMAIL PROTECTED] static method. This can be achieved by adding the following
* declaration in your spring configuration :
* </li>
* </ul>
*
* <code><bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"><br/
* > <property name="targetClass"><value>org.acegisecurity.context.SecurityContextFactory</value></property><br/
* > <property name="targetMethod"><value>setSecurityContextClassName</value></property><br/
* > <property name="arguments"><br/
* > <list><br/
* > <value>YOUR CLASS NAME</value><br/
* > </list><br/
* > </property><br/
* > </bean><br/
* ></code> This class will create instance of [EMAIL PROTECTED] org.acegisecurity.context.SecurityContextImpl} by default.
*
* @author Marc-Antoine Garrigue
* @version $Id: $
*/
public class SecurityContextFactory {
//~ Static fields/initializers =====================================================================================
// ~ Static fields/initializers
// =============================================
public static final String SYSTEM_PROPERTY = "acegi.security.context";
private static String securityContextClassName = System.getProperty(SYSTEM_PROPERTY);
private static Class securityContextClass;
private static int initializeCount = 0;
static {
initialize();
}
//~ Constructors ===================================================================================================
// ~ Constructors
// ===========================================================
private SecurityContextFactory() {}
//~ Methods ========================================================================================================
// ~ Methods
// ================================================================
/**
* Primarily for troubleshooting purposes, this method shows how many times the class has reinitialized
*
* @return the count (should be one unless you've called [EMAIL PROTECTED] #initialize()} to switch to an alternate
* strategy.
*/
public static int getInitializeCount() {
return initializeCount;
}
/**
* Changes the preferred SecurityContext class. Do <em>NOT</em> call this method more than once for a given JVM, as
* it will reinitialize the SecurityContextFactory.
*
* @param securityContextClassName the fully qualified classname of the securityContext class that should be
* contructed by this factory.
*/
public static void setSecurityContextClassName(String securityContextClassName) {
SecurityContextFactory.securityContextClassName = securityContextClassName;
initialize();
}
/**
* Create a new SecurityContext
*
* @return a new SecurityContext implementation based on the specified securityContextClass
*
* @throws IllegalArgumentException if creation of class fails
*/
public static SecurityContext newSecurityContext() {
try {
return (SecurityContext) securityContextClass.newInstance();
} catch (Exception e) {
throw new IllegalArgumentException("impossible to create a new instance of the "
+ "specified securityContextClass : '" + securityContextClass + "'");
}
}
private static void initialize() {
if ((securityContextClassName == null) || "".equals(securityContextClassName)) {
// Set default
securityContextClassName = SecurityContextImpl.class.getName();
}
try {
securityContextClass = Class.forName(securityContextClassName);
} catch (Exception ex) {
ReflectionUtils.handleReflectionException(ex);
}
initializeCount++;
if (!SecurityContext.class.isAssignableFrom(securityContextClass)) {
throw new IllegalArgumentException("invalid SecurityContext class specified :'" + securityContextClassName
+ "'; must implement SecurityContext");
}
}
}
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
