I don't get it ... Either the project files are a (temporarily) hassle, and then you just need to remove them completely, and you don't have to inject them back (remind me a previous convo ;), or you keep them in svn, add some svn:ignore flags locally and remove them from your disk, and when they are fixed, you remove the svn:ignore property. That should do the trick, IMO?
On Tue, Feb 17, 2009 at 4:24 PM, <[email protected]> wrote: > Author: lhazlewood > Date: Tue Feb 17 15:24:02 2009 > New Revision: 745117 > > URL: http://svn.apache.org/viewvc?rev=745117&view=rev > Log: > removing project files for now (seeing errors in my IDE) - will re-add them > after cleanup. Also added some utility methods to reduce method complexity > > Removed: > incubator/jsecurity/trunk/jsecurity.iml > incubator/jsecurity/trunk/jsecurity.ipr > incubator/jsecurity/trunk/samples/quickstart/quickstart.iml > incubator/jsecurity/trunk/samples/standalone/standalone.iml > Modified: > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff > ============================================================================== > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > (original) > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > Tue Feb 17 15:24:02 2009 > @@ -75,7 +75,7 @@ > this(); > setRealms(realms); > } > - > + > /** > * Sets the path used to store the remember me cookie. This determines > which paths > * are able to view the remember me cookie. > @@ -149,7 +149,6 @@ > LifecycleUtils.destroy(getSessionManager()); > WebSessionManager sessionManager = createSessionManager(mode); > setSessionManager(sessionManager); > - setSubjectFactory(new WebSubjectFactory(this, sessionManager)); > } > } > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff > ============================================================================== > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > (original) > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > Tue Feb 17 15:24:02 2009 > @@ -85,9 +85,14 @@ > } > > protected Session getWebSession() { > - ServletRequest request = WebUtils.getRequiredServletRequest(); > - ServletResponse response = WebUtils.getRequiredServletResponse(); > - return getWebSessionManager().getSession(request, response); > + ServletRequest request = WebUtils.getServletRequest(); > + ServletResponse response = WebUtils.getServletResponse(); > + if ( request == null || response == null ) { > + //no current web request - probably a remote method invocation > that didn't come in via a servlet request: > + return null; > + } else { > + return getWebSessionManager().getSession(request, response); > + } > } > > @Override > @@ -110,7 +115,10 @@ > > InetAddress inet = inetAddress; > if (inet == null) { > - inet = > WebUtils.getInetAddress(WebUtils.getRequiredServletRequest()); > + ServletRequest request = WebUtils.getServletRequest(); > + if ( request != null ) { > + inet = WebUtils.getInetAddress(request); > + } > } > > return super.createSubject(pc, session, authc, inet); > > Modified: incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff > ============================================================================== > --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > (original) > +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java Tue Feb > 17 15:24:02 2009 > @@ -305,6 +305,29 @@ > } > > /** > + * Returns the current thread-bound {...@code ServletRequest} or > {...@code null} if there is not one bound. > + * <p/> > + * It is the case in certain enterprise environments where a web-enabled > SecurityManager (and its internal mechanisms) > + * is the primary SecurityManager but also serves as a 'central' > coordinator for security operations in a cluster. > + * In these environments, it is possible for a web-enabled > SecurityManager to receive remote method invocations that > + * are not HTTP based. > + * <p/> > + * In these environments, we need to acquire a thread-bound > ServletRequest if it exists, but > + * not throw an exception if one is not found (with the assumption that > the incoming call is not a web request but > + * instead a remote method invocation). This method exists to support > these environments, whereas the > + * {...@link #getRequiredServletRequest() getRequiredServletRequest()} > method always assumes a > + * servlet-only environment. > + * <p/> > + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists for > JSecurity implementation requirements only. > + * > + * @return the current thread-bound {...@code ServletRequest} or > {...@code null} if there is not one bound. > + * @since 1.0 > + */ > + public static ServletRequest getServletRequest() { > + return (ServletRequest) ThreadContext.get(SERVLET_REQUEST_KEY); > + } > + > + /** > * Convenience method that simplifies retrieval of a required > thread-bound ServletRequest. If there is no > * ServletRequest bound to the thread when this method is called, an > <code>IllegalStateException</code> is > * thrown. > @@ -368,6 +391,29 @@ > } > > /** > + * Returns the current thread-bound {...@code ServletResponse} or > {...@code null} if there is not one bound. > + * <p/> > + * It is the case in certain enterprise environments where a web-enabled > SecurityManager (and its internal mechanisms) > + * is the primary SecurityManager but also serves as a 'central' > coordinator for security operations in a cluster. > + * In these environments, it is possible for a web-enabled > SecurityManager to receive remote method invocations that > + * are not HTTP based. > + * <p/> > + * In these environments, we need to acquire a thread-bound > ServletResponse if it exists, but > + * not throw an exception if one is not found (with the assumption that > the incoming call is not a web request but > + * instead a remote method invocation). This method exists to support > these environments, whereas the > + * {...@link #getRequiredServletResponse() getRequiredServletResponse()} > method always assumes a > + * servlet-only environment. > + * <p/> > + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists for > JSecurity implementation requirements only. > + * > + * @return the current thread-bound {...@code ServletResponse} or > {...@code null} if there is not one bound. > + * @since 1.0 > + */ > + public static ServletResponse getServletResponse() { > + return (ServletResponse) ThreadContext.get(SERVLET_RESPONSE_KEY); > + } > + > + /** > * Convenience method that simplifies retrieval of a required > thread-bound ServletResponse. If there is no > * ServletResponse bound to the thread when this method is called, an > <code>IllegalStateException</code> is > * thrown. > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff > ============================================================================== > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > (original) > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > Tue Feb 17 15:24:02 2009 > @@ -42,21 +42,21 @@ > > /** > * Main ServletFilter that configures and enables all JSecurity functions > within a web application. > - * > + * <p/> > * The following is a fully commented example that documents how to configure > it: > - * > + * <p/> > * <pre><filter> > * <filter-name>JSecurityFilter</filter-name> > * > <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class> > * > <init-param><param-name>config</param-name><param-value> > - * > + * <p/> > * #NOTE: This config looks pretty long - but its not - its only 5 lines of > actual config. > * # Everything else is just heavily commented to explain things > in-depth. Feel free to delete any > * # comments that you don't want to read from your own configuration ;) > * # > * # Any commented values below are JSecurity's defaults. If you want to > change any values, you only > * # need to uncomment the lines you want to change. > - * > + * <p/> > * [main] > * # The 'main' section defines JSecurity-wide configuration. > * # > @@ -69,7 +69,7 @@ > * # > * #securityManager = {...@link org.jsecurity.web.DefaultWebSecurityManager > org.jsecurity.web.DefaultWebSecurityManager} > * #securitymanage...@link > org.jsecurity.web.DefaultWebSecurityManager#setSessionMode(String) > sessionMode} = http > - * > + * <p/> > * [filters] > * # This section defines the 'pool' of all Filters available to the url path > definitions in the [urls] section below. > * # > @@ -112,7 +112,7 @@ > * # > * # Define your own filters here. To properly handle url path matching (see > the [urls] section below), your > * # filter should extend the {...@link > org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter} abstract > class. > - * > + * <p/> > * [urls] > * # This section defines url path mappings. Each mapping entry must be on a > single line and conform to the > * # following representation: > @@ -158,14 +158,14 @@ > * # the text between the brackets as two permissions: 'remote:invoke:lan' > and 'wan' instead of the > * # single desired 'remote:invoke:lan,wan' token. So, you can use quotes > wherever you need to escape internal > * # commas.) > - * > + * <p/> > * /account/** = <a href="#authcBasic">authcBasic</a> > * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a > href="#roles">roles</a>[b2bClient], <a > href="#perms">perms</a>[remote:invoke:"lan,wan"] > - * > + * <p/> > * </param-value></init-param> > * </filter> > - * > - * > + * <p/> > + * <p/> > * <filter-mapping> > * <filter-name>JSecurityFilter</filter-name> > * <url-pattern>/*</url-pattern> > @@ -185,7 +185,7 @@ > public static final String CONFIG_INIT_PARAM_NAME = "config"; > public static final String CONFIG_URL_INIT_PARAM_NAME = "configUrl"; > > - private static final Log log = LogFactory.getLog(JSecurityFilter.class); > + private static final Log log = LogFactory.getLog(JSecurityFilter.class); > > protected String config; > protected String configUrl; > @@ -238,7 +238,7 @@ > if (sm == null) { > if (log.isInfoEnabled()) { > log.info("Configuration instance [" + config + "] did not > provide a SecurityManager. No config " + > - "specified? Defaulting to a " + > DefaultWebSecurityManager.class.getName() + " instance..."); > + "specified? Defaulting to a " + > DefaultWebSecurityManager.class.getName() + " instance..."); > } > sm = new DefaultWebSecurityManager(); > } > @@ -255,8 +255,8 @@ > this.configClassName = configCN; > } else { > String msg = "configClassName fully qualified class name > value [" + configCN + "] is not " + > - "available in the classpath. Please ensure you have > typed it correctly and the " + > - "corresponding class or jar is in the classpath."; > + "available in the classpath. Please ensure you have > typed it correctly and the " + > + "corresponding class or jar is in the classpath."; > throw new ConfigurationException(msg); > } > } > @@ -277,7 +277,7 @@ > protected void applyFilterConfig(WebConfiguration conf) { > if (log.isDebugEnabled()) { > String msg = "Attempting to inject the FilterConfig (using > 'setFilterConfig' method) into the " + > - "instantiated WebConfiguration for any wrapped Filter > initialization..."; > + "instantiated WebConfiguration for any wrapped Filter > initialization..."; > log.debug(msg); > } > try { > @@ -301,9 +301,9 @@ > PropertyUtils.setProperty(conf, "config", this.config); > } else { > String msg = "The 'config' filter param was specified, > but there is no " + > - "'setConfig(String)' method on the Configuration > instance [" + conf + "]. If you do " + > - "not require the 'config' filter param, please > comment it out, or if you do need it, " + > - "please ensure your Configuration instance has a > 'setConfig(String)' method to receive it."; > + "'setConfig(String)' method on the Configuration > instance [" + conf + "]. If you do " + > + "not require the 'config' filter param, please > comment it out, or if you do need it, " + > + "please ensure your Configuration instance has a > 'setConfig(String)' method to receive it."; > throw new ConfigurationException(msg); > } > } catch (Exception e) { > @@ -322,9 +322,9 @@ > PropertyUtils.setProperty(conf, "configUrl", > this.configUrl); > } else { > String msg = "The 'configUrl' filter param was specified, > but there is no " + > - "'setConfigUrl(String)' method on the > Configuration instance [" + conf + "]. If you do " + > - "not require the 'configUrl' filter param, > please comment it out, or if you do need it, " + > - "please ensure your Configuration instance has a > 'setConfigUrl(String)' method to receive it."; > + "'setConfigUrl(String)' method on the Configuration > instance [" + conf + "]. If you do " + > + "not require the 'configUrl' filter param, please > comment it out, or if you do need it, " + > + "please ensure your Configuration instance has a > 'setConfigUrl(String)' method to receive it."; > throw new ConfigurationException(msg); > } > } catch (Exception e) { > @@ -347,26 +347,69 @@ > return WebUtils.getInetAddress(request); > } > > - protected void doFilterInternal(ServletRequest servletRequest, > ServletResponse servletResponse, > - FilterChain origChain) throws > ServletException, IOException { > + /** > + * Wraps the original HttpServletRequest in a {...@link > JSecurityHttpServletRequest} > + * @since 1.0 > + */ > + protected ServletRequest wrapServletRequest(HttpServletRequest orig) { > + return new JSecurityHttpServletRequest(orig, getServletContext(), > isHttpSessions()); > + } > > - HttpServletRequest request = (HttpServletRequest) servletRequest; > - HttpServletResponse response = (HttpServletResponse) servletResponse; > + /** @since 1.0 */ > + protected ServletRequest prepareServletRequest(ServletRequest request, > ServletResponse response, > + FilterChain chain) { > + ServletRequest toUse = request; > + if (request instanceof HttpServletRequest) { > + HttpServletRequest http = (HttpServletRequest) request; > + toUse = wrapServletRequest(http); > + } > + return toUse; > + } > > - ThreadContext.bind(getInetAddress(request)); > + /** @since 1.0 */ > + protected ServletResponse wrapServletResponse(HttpServletResponse orig, > JSecurityHttpServletRequest request) { > + return new JSecurityHttpServletResponse(orig, getServletContext(), > request); > + } > > - boolean httpSessions = isHttpSessions(); > - request = new JSecurityHttpServletRequest(request, > getServletContext(), httpSessions); > - if (!httpSessions) { > + /** @since 1.0 */ > + protected ServletResponse prepareServletResponse(ServletRequest request, > ServletResponse response, > + FilterChain chain) { > + ServletResponse toUse = response; > + if (isHttpSessions() && (request instanceof > JSecurityHttpServletRequest) && > + (response instanceof HttpServletResponse)) { > //the JSecurityHttpServletResponse exists to support URL > rewriting for session ids. This is only needed if > //using JSecurity sessions (i.e. not simple HttpSession based > sessions): > - response = new JSecurityHttpServletResponse(response, > getServletContext(), (JSecurityHttpServletRequest) request); > + toUse = wrapServletResponse((HttpServletResponse) response, > (JSecurityHttpServletRequest) request); > } > + return toUse; > + } > > + /** @since 1.0 */ > + protected void bind(ServletRequest request, ServletResponse response) { > + WebUtils.bindInetAddressToThread(request); > WebUtils.bind(request); > WebUtils.bind(response); > ThreadContext.bind(getSecurityManager()); > ThreadContext.bind(getSecurityManager().getSubject()); > + } > + > + /** @since 1.0 */ > + protected void unbind(ServletRequest request, ServletResponse response) { > + //arguments ignored, just clear the thread: > + ThreadContext.unbindSubject(); > + ThreadContext.unbindSecurityManager(); > + WebUtils.unbindServletResponse(); > + WebUtils.unbindServletRequest(); > + ThreadContext.unbindInetAddress(); > + } > + > + protected void doFilterInternal(ServletRequest servletRequest, > ServletResponse servletResponse, > + FilterChain origChain) throws > ServletException, IOException { > + > + ServletRequest request = prepareServletRequest(servletRequest, > servletResponse, origChain); > + ServletResponse response = prepareServletResponse(request, > servletResponse, origChain); > + > + bind(request, response); > > FilterChain chain = getConfiguration().getChain(request, response, > origChain); > if (chain == null) { > @@ -383,11 +426,7 @@ > try { > chain.doFilter(request, response); > } finally { > - ThreadContext.unbindSubject(); > - ThreadContext.unbindSecurityManager(); > - WebUtils.unbindServletResponse(); > - WebUtils.unbindServletRequest(); > - ThreadContext.unbindInetAddress(); > + unbind(request, response); > } > } > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff > ============================================================================== > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > (original) > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > Tue Feb 17 15:24:02 2009 > @@ -229,7 +229,8 @@ > return sessionId; > } > > - public Session retrieveSession(Serializable sessionId) throws > InvalidSessionException, AuthorizationException { > + @Override > + protected Session retrieveSession(Serializable sessionId) throws > InvalidSessionException, AuthorizationException { > if (sessionId != null) { > return super.retrieveSession(sessionId); > } else { > > > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
