This was a result of me hosing something with my own installation that I didn't understand. The easiest thing to do was to remove and replace once I got it up and running - I didn't want to waste time investigating how I broke it. This is the first time I've seen this issue in 4 years, and odds are very high it is because of user error :)
On Tue, Feb 17, 2009 at 10:29 AM, Emmanuel Lecharny <[email protected]>wrote: > I don't get it ... > > Either the project files are a (temporarily) hassle, and then you just > need to remove them completely, and you don't have to inject them back > (remind me a previous convo ;), or you keep them in svn, add some > svn:ignore flags locally and remove them from your disk, and when they > are fixed, you remove the svn:ignore property. That should do the > trick, IMO? > > On Tue, Feb 17, 2009 at 4:24 PM, <[email protected]> wrote: > > Author: lhazlewood > > Date: Tue Feb 17 15:24:02 2009 > > New Revision: 745117 > > > > URL: http://svn.apache.org/viewvc?rev=745117&view=rev > > Log: > > removing project files for now (seeing errors in my IDE) - will re-add > them after cleanup. Also added some utility methods to reduce method > complexity > > > > Removed: > > incubator/jsecurity/trunk/jsecurity.iml > > incubator/jsecurity/trunk/jsecurity.ipr > > incubator/jsecurity/trunk/samples/quickstart/quickstart.iml > > incubator/jsecurity/trunk/samples/standalone/standalone.iml > > Modified: > > > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > > > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > > > > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff > > > ============================================================================== > > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > (original) > > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java > Tue Feb 17 15:24:02 2009 > > @@ -75,7 +75,7 @@ > > this(); > > setRealms(realms); > > } > > - > > + > > /** > > * Sets the path used to store the remember me cookie. This > determines which paths > > * are able to view the remember me cookie. > > @@ -149,7 +149,6 @@ > > LifecycleUtils.destroy(getSessionManager()); > > WebSessionManager sessionManager = > createSessionManager(mode); > > setSessionManager(sessionManager); > > - setSubjectFactory(new WebSubjectFactory(this, > sessionManager)); > > } > > } > > > > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff > > > ============================================================================== > > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > (original) > > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java > Tue Feb 17 15:24:02 2009 > > @@ -85,9 +85,14 @@ > > } > > > > protected Session getWebSession() { > > - ServletRequest request = WebUtils.getRequiredServletRequest(); > > - ServletResponse response = > WebUtils.getRequiredServletResponse(); > > - return getWebSessionManager().getSession(request, response); > > + ServletRequest request = WebUtils.getServletRequest(); > > + ServletResponse response = WebUtils.getServletResponse(); > > + if ( request == null || response == null ) { > > + //no current web request - probably a remote method > invocation that didn't come in via a servlet request: > > + return null; > > + } else { > > + return getWebSessionManager().getSession(request, response); > > + } > > } > > > > @Override > > @@ -110,7 +115,10 @@ > > > > InetAddress inet = inetAddress; > > if (inet == null) { > > - inet = > WebUtils.getInetAddress(WebUtils.getRequiredServletRequest()); > > + ServletRequest request = WebUtils.getServletRequest(); > > + if ( request != null ) { > > + inet = WebUtils.getInetAddress(request); > > + } > > } > > > > return super.createSubject(pc, session, authc, inet); > > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff > > > ============================================================================== > > --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java > (original) > > +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java Tue > Feb 17 15:24:02 2009 > > @@ -305,6 +305,29 @@ > > } > > > > /** > > + * Returns the current thread-bound {...@code ServletRequest} or > > {...@code > null} if there is not one bound. > > + * <p/> > > + * It is the case in certain enterprise environments where a > web-enabled SecurityManager (and its internal mechanisms) > > + * is the primary SecurityManager but also serves as a 'central' > coordinator for security operations in a cluster. > > + * In these environments, it is possible for a web-enabled > SecurityManager to receive remote method invocations that > > + * are not HTTP based. > > + * <p/> > > + * In these environments, we need to acquire a thread-bound > ServletRequest if it exists, but > > + * not throw an exception if one is not found (with the assumption > that the incoming call is not a web request but > > + * instead a remote method invocation). This method exists to > support these environments, whereas the > > + * {...@link #getRequiredServletRequest() getRequiredServletRequest()} > method always assumes a > > + * servlet-only environment. > > + * <p/> > > + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists for > JSecurity implementation requirements only. > > + * > > + * @return the current thread-bound {...@code ServletRequest} or > > {...@code > null} if there is not one bound. > > + * @since 1.0 > > + */ > > + public static ServletRequest getServletRequest() { > > + return (ServletRequest) ThreadContext.get(SERVLET_REQUEST_KEY); > > + } > > + > > + /** > > * Convenience method that simplifies retrieval of a required > thread-bound ServletRequest. If there is no > > * ServletRequest bound to the thread when this method is called, an > <code>IllegalStateException</code> is > > * thrown. > > @@ -368,6 +391,29 @@ > > } > > > > /** > > + * Returns the current thread-bound {...@code ServletResponse} or > {...@code null} if there is not one bound. > > + * <p/> > > + * It is the case in certain enterprise environments where a > web-enabled SecurityManager (and its internal mechanisms) > > + * is the primary SecurityManager but also serves as a 'central' > coordinator for security operations in a cluster. > > + * In these environments, it is possible for a web-enabled > SecurityManager to receive remote method invocations that > > + * are not HTTP based. > > + * <p/> > > + * In these environments, we need to acquire a thread-bound > ServletResponse if it exists, but > > + * not throw an exception if one is not found (with the assumption > that the incoming call is not a web request but > > + * instead a remote method invocation). This method exists to > support these environments, whereas the > > + * {...@link #getRequiredServletResponse() > getRequiredServletResponse()} method always assumes a > > + * servlet-only environment. > > + * <p/> > > + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists for > JSecurity implementation requirements only. > > + * > > + * @return the current thread-bound {...@code ServletResponse} or > {...@code null} if there is not one bound. > > + * @since 1.0 > > + */ > > + public static ServletResponse getServletResponse() { > > + return (ServletResponse) > ThreadContext.get(SERVLET_RESPONSE_KEY); > > + } > > + > > + /** > > * Convenience method that simplifies retrieval of a required > thread-bound ServletResponse. If there is no > > * ServletResponse bound to the thread when this method is called, an > <code>IllegalStateException</code> is > > * thrown. > > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff > > > ============================================================================== > > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > (original) > > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java > Tue Feb 17 15:24:02 2009 > > @@ -42,21 +42,21 @@ > > > > /** > > * Main ServletFilter that configures and enables all JSecurity functions > within a web application. > > - * > > + * <p/> > > * The following is a fully commented example that documents how to > configure it: > > - * > > + * <p/> > > * <pre><filter> > > * <filter-name>JSecurityFilter</filter-name> > > * > <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class> > > * > <init-param><param-name>config</param-name><param-value> > > - * > > + * <p/> > > * #NOTE: This config looks pretty long - but its not - its only 5 lines > of actual config. > > * # Everything else is just heavily commented to explain things > in-depth. Feel free to delete any > > * # comments that you don't want to read from your own > configuration ;) > > * # > > * # Any commented values below are JSecurity's defaults. If you want to > change any values, you only > > * # need to uncomment the lines you want to change. > > - * > > + * <p/> > > * [main] > > * # The 'main' section defines JSecurity-wide configuration. > > * # > > @@ -69,7 +69,7 @@ > > * # > > * #securityManager = {...@link org.jsecurity.web.DefaultWebSecurityManager > org.jsecurity.web.DefaultWebSecurityManager} > > * > > #securitymanage...@linkorg.jsecurity.web.defaultwebsecuritymanager#setsessionmode(String) > sessionMode} = http > > - * > > + * <p/> > > * [filters] > > * # This section defines the 'pool' of all Filters available to the url > path definitions in the [urls] section below. > > * # > > @@ -112,7 +112,7 @@ > > * # > > * # Define your own filters here. To properly handle url path matching > (see the [urls] section below), your > > * # filter should extend the {...@link > org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter} abstract > class. > > - * > > + * <p/> > > * [urls] > > * # This section defines url path mappings. Each mapping entry must be > on a single line and conform to the > > * # following representation: > > @@ -158,14 +158,14 @@ > > * # the text between the brackets as two permissions: > 'remote:invoke:lan' and 'wan' instead of the > > * # single desired 'remote:invoke:lan,wan' token. So, you can use > quotes wherever you need to escape internal > > * # commas.) > > - * > > + * <p/> > > * /account/** = <a href="#authcBasic">authcBasic</a> > > * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a > href="#roles">roles</a>[b2bClient], <a > href="#perms">perms</a>[remote:invoke:"lan,wan"] > > - * > > + * <p/> > > * </param-value></init-param> > > * </filter> > > - * > > - * > > + * <p/> > > + * <p/> > > * <filter-mapping> > > * <filter-name>JSecurityFilter</filter-name> > > * <url-pattern>/*</url-pattern> > > @@ -185,7 +185,7 @@ > > public static final String CONFIG_INIT_PARAM_NAME = "config"; > > public static final String CONFIG_URL_INIT_PARAM_NAME = "configUrl"; > > > > - private static final Log log = > LogFactory.getLog(JSecurityFilter.class); > > + private static final Log log = > LogFactory.getLog(JSecurityFilter.class); > > > > protected String config; > > protected String configUrl; > > @@ -238,7 +238,7 @@ > > if (sm == null) { > > if (log.isInfoEnabled()) { > > log.info("Configuration instance [" + config + "] did > not provide a SecurityManager. No config " + > > - "specified? Defaulting to a " + > DefaultWebSecurityManager.class.getName() + " instance..."); > > + "specified? Defaulting to a " + > DefaultWebSecurityManager.class.getName() + " instance..."); > > } > > sm = new DefaultWebSecurityManager(); > > } > > @@ -255,8 +255,8 @@ > > this.configClassName = configCN; > > } else { > > String msg = "configClassName fully qualified class name > value [" + configCN + "] is not " + > > - "available in the classpath. Please ensure you > have typed it correctly and the " + > > - "corresponding class or jar is in the > classpath."; > > + "available in the classpath. Please ensure you have > typed it correctly and the " + > > + "corresponding class or jar is in the classpath."; > > throw new ConfigurationException(msg); > > } > > } > > @@ -277,7 +277,7 @@ > > protected void applyFilterConfig(WebConfiguration conf) { > > if (log.isDebugEnabled()) { > > String msg = "Attempting to inject the FilterConfig (using > 'setFilterConfig' method) into the " + > > - "instantiated WebConfiguration for any wrapped > Filter initialization..."; > > + "instantiated WebConfiguration for any wrapped Filter > initialization..."; > > log.debug(msg); > > } > > try { > > @@ -301,9 +301,9 @@ > > PropertyUtils.setProperty(conf, "config", > this.config); > > } else { > > String msg = "The 'config' filter param was > specified, but there is no " + > > - "'setConfig(String)' method on the > Configuration instance [" + conf + "]. If you do " + > > - "not require the 'config' filter param, > please comment it out, or if you do need it, " + > > - "please ensure your Configuration instance > has a 'setConfig(String)' method to receive it."; > > + "'setConfig(String)' method on the Configuration > instance [" + conf + "]. If you do " + > > + "not require the 'config' filter param, please > comment it out, or if you do need it, " + > > + "please ensure your Configuration instance has a > 'setConfig(String)' method to receive it."; > > throw new ConfigurationException(msg); > > } > > } catch (Exception e) { > > @@ -322,9 +322,9 @@ > > PropertyUtils.setProperty(conf, "configUrl", > this.configUrl); > > } else { > > String msg = "The 'configUrl' filter param was > specified, but there is no " + > > - "'setConfigUrl(String)' method on the > Configuration instance [" + conf + "]. If you do " + > > - "not require the 'configUrl' filter param, > please comment it out, or if you do need it, " + > > - "please ensure your Configuration instance > has a 'setConfigUrl(String)' method to receive it."; > > + "'setConfigUrl(String)' method on the > Configuration instance [" + conf + "]. If you do " + > > + "not require the 'configUrl' filter param, > please comment it out, or if you do need it, " + > > + "please ensure your Configuration instance has a > 'setConfigUrl(String)' method to receive it."; > > throw new ConfigurationException(msg); > > } > > } catch (Exception e) { > > @@ -347,26 +347,69 @@ > > return WebUtils.getInetAddress(request); > > } > > > > - protected void doFilterInternal(ServletRequest servletRequest, > ServletResponse servletResponse, > > - FilterChain origChain) throws > ServletException, IOException { > > + /** > > + * Wraps the original HttpServletRequest in a {...@link > JSecurityHttpServletRequest} > > + * @since 1.0 > > + */ > > + protected ServletRequest wrapServletRequest(HttpServletRequest orig) > { > > + return new JSecurityHttpServletRequest(orig, > getServletContext(), isHttpSessions()); > > + } > > > > - HttpServletRequest request = (HttpServletRequest) > servletRequest; > > - HttpServletResponse response = (HttpServletResponse) > servletResponse; > > + /** @since 1.0 */ > > + protected ServletRequest prepareServletRequest(ServletRequest > request, ServletResponse response, > > + FilterChain chain) { > > + ServletRequest toUse = request; > > + if (request instanceof HttpServletRequest) { > > + HttpServletRequest http = (HttpServletRequest) request; > > + toUse = wrapServletRequest(http); > > + } > > + return toUse; > > + } > > > > - ThreadContext.bind(getInetAddress(request)); > > + /** @since 1.0 */ > > + protected ServletResponse wrapServletResponse(HttpServletResponse > orig, JSecurityHttpServletRequest request) { > > + return new JSecurityHttpServletResponse(orig, > getServletContext(), request); > > + } > > > > - boolean httpSessions = isHttpSessions(); > > - request = new JSecurityHttpServletRequest(request, > getServletContext(), httpSessions); > > - if (!httpSessions) { > > + /** @since 1.0 */ > > + protected ServletResponse prepareServletResponse(ServletRequest > request, ServletResponse response, > > + FilterChain chain) > { > > + ServletResponse toUse = response; > > + if (isHttpSessions() && (request instanceof > JSecurityHttpServletRequest) && > > + (response instanceof HttpServletResponse)) { > > //the JSecurityHttpServletResponse exists to support URL > rewriting for session ids. This is only needed if > > //using JSecurity sessions (i.e. not simple HttpSession based > sessions): > > - response = new JSecurityHttpServletResponse(response, > getServletContext(), (JSecurityHttpServletRequest) request); > > + toUse = wrapServletResponse((HttpServletResponse) response, > (JSecurityHttpServletRequest) request); > > } > > + return toUse; > > + } > > > > + /** @since 1.0 */ > > + protected void bind(ServletRequest request, ServletResponse > response) { > > + WebUtils.bindInetAddressToThread(request); > > WebUtils.bind(request); > > WebUtils.bind(response); > > ThreadContext.bind(getSecurityManager()); > > ThreadContext.bind(getSecurityManager().getSubject()); > > + } > > + > > + /** @since 1.0 */ > > + protected void unbind(ServletRequest request, ServletResponse > response) { > > + //arguments ignored, just clear the thread: > > + ThreadContext.unbindSubject(); > > + ThreadContext.unbindSecurityManager(); > > + WebUtils.unbindServletResponse(); > > + WebUtils.unbindServletRequest(); > > + ThreadContext.unbindInetAddress(); > > + } > > + > > + protected void doFilterInternal(ServletRequest servletRequest, > ServletResponse servletResponse, > > + FilterChain origChain) throws > ServletException, IOException { > > + > > + ServletRequest request = prepareServletRequest(servletRequest, > servletResponse, origChain); > > + ServletResponse response = prepareServletResponse(request, > servletResponse, origChain); > > + > > + bind(request, response); > > > > FilterChain chain = getConfiguration().getChain(request, > response, origChain); > > if (chain == null) { > > @@ -383,11 +426,7 @@ > > try { > > chain.doFilter(request, response); > > } finally { > > - ThreadContext.unbindSubject(); > > - ThreadContext.unbindSecurityManager(); > > - WebUtils.unbindServletResponse(); > > - WebUtils.unbindServletRequest(); > > - ThreadContext.unbindInetAddress(); > > + unbind(request, response); > > } > > } > > > > > > Modified: > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > > URL: > http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff > > > ============================================================================== > > --- > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > (original) > > +++ > incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java > Tue Feb 17 15:24:02 2009 > > @@ -229,7 +229,8 @@ > > return sessionId; > > } > > > > - public Session retrieveSession(Serializable sessionId) throws > InvalidSessionException, AuthorizationException { > > + @Override > > + protected Session retrieveSession(Serializable sessionId) throws > InvalidSessionException, AuthorizationException { > > if (sessionId != null) { > > return super.retrieveSession(sessionId); > > } else { > > > > > > > > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
