Just jumping on this commit to ask if you are using a Java coding standard ? I guess it's pretty close to Sun's standard, but it would be good to add a page on the (comming) web site. Many Apache project already have one, so it's just a matter to copy/paste one of them, and adapt it to the project's choice.
For instance, in this commit, if you follow the Java coding standard, the "static final log = ..." should be "static final LOG = ..." (http://java.sun.com/docs/codeconv/html/CodeConventions.doc8.html#367). But it can stay the way it is if the project decide too. The main goal is to have a common approach for all the code. Thanks ! On Mon, Jan 19, 2009 at 9:09 AM, <[email protected]> wrote: > Author: lhazlewood > Date: Mon Jan 19 00:09:43 2009 > New Revision: 735626 > > URL: http://svn.apache.org/viewvc?rev=735626&view=rev > Log: > Modified to be more robust and based on common Subject lookup mechanisms > (SecurityUtils). If not found there, only then fall back to a system > property (previous behavior). > > Modified: > > incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java > > Modified: > incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java?rev=735626&r1=735625&r2=735626&view=diff > ============================================================================== > --- > incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java > (original) > +++ > incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java > Mon Jan 19 00:09:43 2009 > @@ -19,11 +19,17 @@ > package org.jsecurity.spring.remoting; > > import org.aopalliance.intercept.MethodInvocation; > +import org.apache.commons.logging.Log; > +import org.apache.commons.logging.LogFactory; > +import org.jsecurity.SecurityUtils; > import org.jsecurity.session.Session; > +import org.jsecurity.subject.Subject; > import org.springframework.remoting.support.DefaultRemoteInvocationFactory; > import org.springframework.remoting.support.RemoteInvocation; > import org.springframework.remoting.support.RemoteInvocationFactory; > > +import java.io.Serializable; > + > /** > * A {...@link RemoteInvocationFactory} that passes the session ID to the > server via a > * {...@link RemoteInvocation} {...@link > RemoteInvocation#getAttribute(String) attribute}. > @@ -38,7 +44,7 @@ > */ > public class SecureRemoteInvocationFactory extends > DefaultRemoteInvocationFactory { > > - //TODO - complete JavaDoc > + private static final Log log = > LogFactory.getLog(SecureRemoteInvocationFactory.class); > > public static final String SESSION_ID_KEY = Session.class.getName() + > "_ID_KEY"; > > @@ -53,13 +59,30 @@ > * @return a remote invocation object containing the current session ID > as an attribute. > */ > public RemoteInvocation createRemoteInvocation(MethodInvocation > methodInvocation) { > - String sessionId = > System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME); > + Serializable sessionId = null; > + Subject subject = SecurityUtils.getSubject(); > + if (subject != null) { > + Session session = subject.getSession(false); > + if (session != null) { > + sessionId = session.getId(); > + } > + } > + > if (sessionId == null) { > - throw new IllegalStateException("System property [" + > SESSION_ID_SYSTEM_PROPERTY_NAME + "] is not set. " + > - "This property must be set to the JSecurity session ID > for remote calls to function."); > + if (log.isTraceEnabled()) { > + log.trace("No Session found for the currently executing > subject via subject.getSession(false). " + > + "Attempting to revert back to the > 'jsecurity.session.id' system property..."); > + } > + } > + sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME); > + if (sessionId == null && log.isTraceEnabled()) { > + log.trace("No 'jsecurity.session.id' system property found. > Heuristics have been exhausted; " + > + "RemoteInvocation will not contain a sessionId."); > } > RemoteInvocation ri = new RemoteInvocation(methodInvocation); > - ri.addAttribute(SESSION_ID_KEY, sessionId); > + if (sessionId != null) { > + ri.addAttribute(SESSION_ID_KEY, sessionId); > + } > > return ri; > } > > > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
