Re: svn commit: r735626 - /incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java

Tue, 20 Jan 2009 21:28:35 -0800 


On Jan 19, 2009, at 1:13 AM, Emmanuel Lecharny wrote:


Just jumping on this commit to ask if you are using a Java coding
standard ? I guess it's pretty close to Sun's standard, but it would
be good to add a page on the (comming) web site. Many Apache project
already have one, so it's just a matter to copy/paste one of them, and
adapt it to the project's choice.

For instance, in this commit, if you follow the Java coding standard,
the "static final log = ..." should be "static final LOG = ..."
(http://java.sun.com/docs/codeconv/html/ CodeConventions.doc8.html#367).
This is the first time I've seen the upper case convention applied to a reference type. I've seen it applied to primitives, like int, String, float, etc. But never to Log or I18NHelper or the like. 

So can anyone find a reference to something looking like the proposed:
+ private static final Log LOG = LogFactory.getLog(SecureRemoteInvocationFactory.class); 

But it can stay the way it is if the project decide too. The main goal
is to have a common approach for all the code.


I agree that the dev team should adopt standards.

Craig




Thanks !

On Mon, Jan 19, 2009 at 9:09 AM,  <[email protected]> wrote:

Author: lhazlewood
Date: Mon Jan 19 00:09:43 2009
New Revision: 735626

URL: http://svn.apache.org/viewvc?rev=735626&view=rev
Log:
Modified to be more robust and based on common Subject lookup mechanisms (SecurityUtils). If not found there, only then fall back to a system property (previous behavior). 

Modified:
incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/ remoting/SecureRemoteInvocationFactory.java
Modified: incubator/jsecurity/trunk/support/spring/src/org/ jsecurity/spring/remoting/SecureRemoteInvocationFactory.java 
URL: 
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java?rev=735626&r1=735625&r2=735626&view=diff
= = = = = = = = = ===================================================================== --- incubator/jsecurity/trunk/support/spring/src/org/jsecurity/ spring/remoting/SecureRemoteInvocationFactory.java (original) +++ incubator/jsecurity/trunk/support/spring/src/org/jsecurity/ spring/remoting/SecureRemoteInvocationFactory.java Mon Jan 19 00:09:43 2009 
@@ -19,11 +19,17 @@
package org.jsecurity.spring.remoting;

import org.aopalliance.intercept.MethodInvocation;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.jsecurity.SecurityUtils;
import org.jsecurity.session.Session;
+import org.jsecurity.subject.Subject;
import org.springframework.remoting.support.DefaultRemoteInvocationFactory; 
import org.springframework.remoting.support.RemoteInvocation;
import org.springframework.remoting.support.RemoteInvocationFactory;

+import java.io.Serializable;
+
/**
* A {...@link RemoteInvocationFactory} that passes the session ID to the server via a * {...@link RemoteInvocation} {...@link RemoteInvocation#getAttribute(String) attribute}. 
@@ -38,7 +44,7 @@
*/
public class SecureRemoteInvocationFactory extends DefaultRemoteInvocationFactory { 

-    //TODO - complete JavaDoc
+ private static final Log log = LogFactory.getLog(SecureRemoteInvocationFactory.class);
public static final String SESSION_ID_KEY = Session.class.getName() + "_ID_KEY"; 

@@ -53,13 +59,30 @@
* @return a remote invocation object containing the current session ID as an attribute. 
    */
public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) { - String sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME); 
+        Serializable sessionId = null;
+        Subject subject = SecurityUtils.getSubject();
+        if (subject != null) {
+            Session session = subject.getSession(false);
+            if (session != null) {
+                sessionId = session.getId();
+            }
+        }
+
       if (sessionId == null) {
- throw new IllegalStateException("System property [" + SESSION_ID_SYSTEM_PROPERTY_NAME + "] is not set. " + - "This property must be set to the JSecurity session ID for remote calls to function."); 
+            if (log.isTraceEnabled()) {
+ log.trace("No Session found for the currently executing subject via subject.getSession(false). " + + "Attempting to revert back to the 'jsecurity.session.id' system property..."); 
+            }
+        }
+ sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME); 
+        if (sessionId == null && log.isTraceEnabled()) {
+ log.trace("No 'jsecurity.session.id' system property found. Heuristics have been exhausted; " + + "RemoteInvocation will not contain a sessionId."); 
       }
       RemoteInvocation ri = new RemoteInvocation(methodInvocation);
-        ri.addAttribute(SESSION_ID_KEY, sessionId);
+        if (sessionId != null) {
+            ri.addAttribute(SESSION_ID_KEY, sessionId);
+        }

       return ri;
   }







--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!

Reply via email to