This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new ea8e760b71 ISIS-3113: minor: some refactoring, no change in behavior
ea8e760b71 is described below
commit ea8e760b7135856ed54b674518dd530735651006
Author: Andi Huber <[email protected]>
AuthorDate: Tue Aug 9 16:41:59 2022 +0200
ISIS-3113: minor: some refactoring, no change in behavior
---
.../session/InteractionServiceDefault.java | 17 ++++--
.../spring/webmodule/SpringSecurityFilter.java | 70 +++++++++++++++-------
2 files changed, 59 insertions(+), 28 deletions(-)
diff --git
a/core/runtimeservices/src/main/java/org/apache/isis/core/runtimeservices/session/InteractionServiceDefault.java
b/core/runtimeservices/src/main/java/org/apache/isis/core/runtimeservices/session/InteractionServiceDefault.java
index de8ab73e4f..99010fdf30 100644
---
a/core/runtimeservices/src/main/java/org/apache/isis/core/runtimeservices/session/InteractionServiceDefault.java
+++
b/core/runtimeservices/src/main/java/org/apache/isis/core/runtimeservices/session/InteractionServiceDefault.java
@@ -54,6 +54,7 @@ import org.apache.isis.applib.util.schema.CommandDtoUtils;
import org.apache.isis.applib.util.schema.InteractionDtoUtils;
import org.apache.isis.applib.util.schema.InteractionsDtoUtils;
import org.apache.isis.commons.functional.ThrowingRunnable;
+import org.apache.isis.commons.internal.assertions._Assert;
import org.apache.isis.commons.internal.base._Casts;
import org.apache.isis.commons.internal.concurrent._ConcurrentContext;
import org.apache.isis.commons.internal.concurrent._ConcurrentTaskList;
@@ -328,8 +329,8 @@ implements
serviceInjector.injectServicesInto(callable);
try {
return callable.call();
- } catch (Exception e) {
- requestRollback();
+ } catch (Throwable e) {
+ requestRollback(e);
throw e;
}
}
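Review bot: Widening `catch (Exception e)` to `catch (Throwable e)` here, and in the matching catch of the next hunk, means JVM `Error`s (for example `OutOfMemoryError` or `StackOverflowError`) now also pass through `requestRollback(e)` before being rethrown, which is a behaviour change the commit title does not reflect. If that is intended, a comment on the catch would make it explicit, e.g. `// Throwable on purpose: an Error must also mark the interaction for rollback before it propagates`. The enclosing method starts outside this hunk, so whether its `throws` clause and its callers expect this cannot be checked from here.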
@@ -339,14 +340,20 @@ implements
serviceInjector.injectServicesInto(runnable);
try {
runnable.run();
- } catch (Exception e) {
- requestRollback();
+ } catch (Throwable e) {
+ requestRollback(e);
throw e;
}
}
- private void requestRollback() {
+ private void requestRollback(final Throwable cause) {
val stack = interactionLayerStack.get();
+ _Assert.assertFalse(stack.isEmpty(), ()->
+ String.format(
+ "unexpected state: missing interaction (layer) on
interaction rollback; "
+ + "rollback was caused by %s -> %s",
+ cause.getClass().getName(),
+ cause.getMessage()));
val interaction =
_Casts.<IsisInteraction>uncheckedCast(stack.get(0).getInteraction());
txBoundaryHandler.requestRollback(interaction);
}
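Review bot: `requestRollback(cause)` can now throw from inside the catch block (the new `_Assert.assertFalse` on an empty stack), and when it does the `throw e` after it is never reached, so the original failure is replaced by the assertion failure. The assertion message keeps only `cause.getClass().getName()` and `cause.getMessage()`, so the original stack trace is lost in exactly the case where diagnosis is hardest. Keeping the original throwable primary and attaching the rollback failure as suppressed preserves both; the same applies to the catch in the previous hunk. The method enclosing this catch starts outside the hunk.

```java
} catch (Throwable e) {
    try {
        requestRollback(e);
    } catch (Throwable rollbackFailure) {
        // keep the original failure primary; record the rollback problem alongside it
        e.addSuppressed(rollbackFailure);
    }
    throw e;
}
// … unchanged: requestRollback(final Throwable cause) …
```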
diff --git
a/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
b/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
index 1be499c002..96f6b8e2fe 100644
---
a/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
+++
b/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
@@ -20,6 +20,7 @@ package org.apache.isis.security.spring.webmodule;
import java.io.IOException;
import java.util.List;
+import java.util.Optional;
import javax.inject.Inject;
import javax.servlet.Filter;
@@ -30,6 +31,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.apache.isis.applib.services.iactnlayer.InteractionContext;
@@ -39,6 +41,7 @@ import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.applib.services.user.UserMemento.AuthenticationSource;
import org.apache.isis.security.spring.authconverters.AuthenticationConverter;
+import lombok.NonNull;
import lombok.val;
/**
@@ -57,39 +60,60 @@ public class SpringSecurityFilter implements Filter {
final ServletResponse servletResponse,
final FilterChain filterChain) throws IOException,
ServletException {
- val httpServletResponse = (HttpServletResponse) servletResponse;
+ val userMemento = springAuthentication()
+ .flatMap(this::userMementoFromSpringAuthentication)
+ .orElse(null);
- val springAuthentication =
SecurityContextHolder.getContext().getAuthentication();
- if(springAuthentication==null
- || !springAuthentication.isAuthenticated()) {
- httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- return; // not authenticated
+ if (userMemento == null) {
+ ((HttpServletResponse)
servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return; // either not authenticated or unknown principal type (not
handled)
+ }
+
+ val interactionContext =
InteractionContext.ofUserWithSystemDefaults(userMemento)
+
.withTimeZoneIfAny(userCurrentSessionTimeZoneHolder.getUserTimeZone());
+
+ interactionService.run(
+ interactionContext,
+ ()->filterChain.doFilter(servletRequest, servletResponse));
+ }
+
+ // -- HELPER
+
+ /**
+ * Optionally Spring's {@link Authentication}, based on presence
+ * (no matter whether actually authenticated).
+ */
+ private Optional<Authentication> springAuthentication() {
+ return
Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication());
+ }
+
+ /**
+ * Optionally an authorized {@link UserMemento} based on presence of an
actually
+ * authenticated Spring {@link Authentication}.
+ */
+ private Optional<UserMemento> userMementoFromSpringAuthentication(
+ final @NonNull Authentication springAuthentication) {
+
+ // make sure session is actually authenticated
+ if(!springAuthentication.isAuthenticated()) {
+ return Optional.empty();
}
- UserMemento userMemento = null;
for (final AuthenticationConverter converter : converters) {
try {
- userMemento = converter.convert(springAuthentication);
+ val userMemento = converter.convert(springAuthentication);
if(userMemento != null) {
- break;
+ return Optional.of(
+ // adds generic authorized user role to indicate
'authorized'
+ // (as required by Wicket viewer)
+ userMemento
+
.withRoleAdded(UserMemento.AUTHORIZED_USER_ROLE)
+
.withAuthenticationSource(AuthenticationSource.EXTERNAL));
}
} catch(final Exception ignored) {
}
}
-
- if (userMemento == null) {
- httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- return; // unknown principal type, not handled
- }
-
- // adds generic authorized user role to indicate 'authorized' (as
required by Wicket viewer)
- userMemento =
userMemento.withRoleAdded(UserMemento.AUTHORIZED_USER_ROLE)
- .withAuthenticationSource(AuthenticationSource.EXTERNAL);
-
- interactionService.run(
- InteractionContext.ofUserWithSystemDefaults(userMemento)
-
.withTimeZoneIfAny(userCurrentSessionTimeZoneHolder.getUserTimeZone()),
- ()->filterChain.doFilter(servletRequest, servletResponse));
+ return Optional.empty();
}
}
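Review bot: The converter loop in `userMementoFromSpringAuthentication` still discards every exception in `catch(final Exception ignored) { }`, so a converter that fails on an authenticated principal is skipped silently: the loop either falls through to a later converter or the request ends in a bare 401 with nothing in the logs. For an authentication filter that makes both misconfiguration and rejected logins hard to trace. Consider recording the converter class and the exception type (not the `Authentication` itself, which may carry credentials), e.g. `log.warn("AuthenticationConverter {} failed: {}", converter.getClass().getName(), ex.getClass().getName());`, assuming the class has a logger; none is visible in this hunk. `doFilter` begins above the hunk.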