I don't get it ...
Either the project files are a (temporary) hassle, and then you just need to remove them completely, and you don't have to inject them back (reminds me of a previous convo ;), or you keep them in svn, add some svn:ignore flags locally and remove them from your disk, and when they are fixed, you remove the svn:ignore property. That should do the trick, IMO?
On Tue, Feb 17, 2009 at 4:24 PM, <[email protected]> wrote:
Author: lhazlewood
Date: Tue Feb 17 15:24:02 2009
New Revision: 745117
URL: http://svn.apache.org/viewvc?rev=745117&view=rev
Log:
removing project files for now (seeing errors in my IDE) - will re-add them after cleanup. Also added some utility methods to reduce method complexity
Removed:
incubator/jsecurity/trunk/jsecurity.iml
incubator/jsecurity/trunk/jsecurity.ipr
incubator/jsecurity/trunk/samples/quickstart/quickstart.iml
incubator/jsecurity/trunk/samples/standalone/standalone.iml
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
URL:
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff
=====================================================================
---
incubator/jsecurity/trunk/web/src/org/jsecurity/web/
DefaultWebSecurityManager.java
(original)
+++
incubator/jsecurity/trunk/web/src/org/jsecurity/web/
DefaultWebSecurityManager.java
Tue Feb 17 15:24:02 2009
@@ -75,7 +75,7 @@
this();
setRealms(realms);
}
-
+
/**
* Sets the path used to store the remember me cookie. This
determines which paths
* are able to view the remember me cookie.
@@ -149,7 +149,6 @@
LifecycleUtils.destroy(getSessionManager());
WebSessionManager sessionManager =
createSessionManager(mode);
setSessionManager(sessionManager);
- setSubjectFactory(new WebSubjectFactory(this,
sessionManager));
}
}
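Review bot: removing the setSubjectFactory(new WebSubjectFactory(this, sessionManager)) call leaves the existing subject factory in place after the old session manager has been handed to LifecycleUtils.destroy(...) and replaced. The removed line passed the session manager into the factory, so a factory built earlier may keep using the destroyed instance after a session-mode change. Either keep the re-creation here, or confirm that setSessionManager(sessionManager) updates the factory, which is not visible in this hunk.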
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
URL:
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff
=====================================================================
---
incubator/jsecurity/trunk/web/src/org/jsecurity/web/
WebSubjectFactory.java
(original)
+++
incubator/jsecurity/trunk/web/src/org/jsecurity/web/
WebSubjectFactory.java
Tue Feb 17 15:24:02 2009
@@ -85,9 +85,14 @@
}
protected Session getWebSession() {
- ServletRequest request =
WebUtils.getRequiredServletRequest();
- ServletResponse response =
WebUtils.getRequiredServletResponse();
- return getWebSessionManager().getSession(request,
response);
+ ServletRequest request = WebUtils.getServletRequest();
+ ServletResponse response = WebUtils.getServletResponse();
+ if ( request == null || response == null ) {
+ //no current web request - probably a remote method
invocation that didn't come in via a servlet request:
+ return null;
+ } else {
+ return getWebSessionManager().getSession(request,
response);
+ }
}
@Override
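Review bot: getWebSession() now returns null whenever no request or response is bound, so a filter that never ran (wrong mapping, missing bind) looks exactly like the remote-invocation case the comment describes, where the previous getRequiredServletRequest() call failed with an exception. Callers need an explicit null check, and the method's Javadoc should state the null return. A debug log on the null branch would make a missing bind visible instead of silently producing a session-less subject.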
@@ -110,7 +115,10 @@
InetAddress inet = inetAddress;
if (inet == null) {
- inet =
WebUtils.getInetAddress(WebUtils.getRequiredServletRequest());
+ ServletRequest request = WebUtils.getServletRequest();
+ if ( request != null ) {
+ inet = WebUtils.getInetAddress(request);
+ }
}
return super.createSubject(pc, session, authc, inet);
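Review bot: when no request is bound, inet stays null and is passed straight to super.createSubject(pc, session, authc, inet). Check that the superclass and anything that records or restricts on the subject's address tolerates null, and consider whether the non-HTTP path should supply the caller's address by another route rather than dropping the origin entirely.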
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
URL:
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff
=====================================================================
--- incubator/jsecurity/trunk/web/src/org/jsecurity/web/
WebUtils.java
(original)
+++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/
WebUtils.java Tue
Feb 17 15:24:02 2009
@@ -305,6 +305,29 @@
}
/**
+ * Returns the current thread-bound {...@code ServletRequest} or
{...@code
null} if there is not one bound.
+ * <p/>
+ * It is the case in certain enterprise environments where a
web-enabled SecurityManager (and its internal mechanisms)
+ * is the primary SecurityManager but also serves as a
'central'
coordinator for security operations in a cluster.
+ * In these environments, it is possible for a web-enabled
SecurityManager to receive remote method invocations that
+ * are not HTTP based.
+ * <p/>
+ * In these environments, we need to acquire a thread-bound
ServletRequest if it exists, but
+ * not throw an exception if one is not found (with the
assumption
that the incoming call is not a web request but
+ * instead a remote method invocation). This method exists to
support these environments, whereas the
+ * {...@link #getRequiredServletRequest()
getRequiredServletRequest()}
method always assumes a
+ * servlet-only environment.
+ * <p/>
+ * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
exists for
JSecurity implementation requirements only.
+ *
+ * @return the current thread-bound {...@code ServletRequest} or
{...@code
null} if there is not one bound.
+ * @since 1.0
+ */
+ public static ServletRequest getServletRequest() {
+ return (ServletRequest)
ThreadContext.get(SERVLET_REQUEST_KEY);
+ }
+
+ /**
* Convenience method that simplifies retrieval of a required
thread-bound ServletRequest. If there is no
* ServletRequest bound to the thread when this method is
called, an
<code>IllegalStateException</code> is
* thrown.
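Review bot: getServletRequest() is declared public static while its Javadoc says it is not part of the public API. The only callers in this commit are in WebSubjectFactory, which sits in the same org.jsecurity.web package, so package-private visibility would enforce what the comment only asks for. If it has to stay public, application code will be able to pick the null-returning variant and lose the fail-fast check that getRequiredServletRequest() provides.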
@@ -368,6 +391,29 @@
}
/**
+ * Returns the current thread-bound {...@code ServletResponse} or
{...@code null} if there is not one bound.
+ * <p/>
+ * It is the case in certain enterprise environments where a
web-enabled SecurityManager (and its internal mechanisms)
+ * is the primary SecurityManager but also serves as a
'central'
coordinator for security operations in a cluster.
+ * In these environments, it is possible for a web-enabled
SecurityManager to receive remote method invocations that
+ * are not HTTP based.
+ * <p/>
+ * In these environments, we need to acquire a thread-bound
ServletResponse if it exists, but
+ * not throw an exception if one is not found (with the
assumption
that the incoming call is not a web request but
+ * instead a remote method invocation). This method exists to
support these environments, whereas the
+ * {...@link #getRequiredServletResponse()
getRequiredServletResponse()} method always assumes a
+ * servlet-only environment.
+ * <p/>
+ * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
exists for
JSecurity implementation requirements only.
+ *
+ * @return the current thread-bound {...@code ServletResponse} or
{...@code null} if there is not one bound.
+ * @since 1.0
+ */
+ public static ServletResponse getServletResponse() {
+ return (ServletResponse)
ThreadContext.get(SERVLET_RESPONSE_KEY);
+ }
+
+ /**
* Convenience method that simplifies retrieval of a required
thread-bound ServletResponse. If there is no
* ServletResponse bound to the thread when this method is
called, an
<code>IllegalStateException</code> is
* thrown.
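Review bot: the Javadoc on getServletResponse() repeats the three paragraphs from getServletRequest() word for word. A one-line description that links to getServletRequest() for the rationale would keep the two from drifting apart. The visibility point applies here as well: public static combined with a NOT PART OF PUBLIC API marker.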
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
URL:
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff
=====================================================================
---
incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
JSecurityFilter.java
(original)
+++
incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
JSecurityFilter.java
Tue Feb 17 15:24:02 2009
@@ -42,21 +42,21 @@
/**
* Main ServletFilter that configures and enables all JSecurity
functions
within a web application.
- *
+ * <p/>
* The following is a fully commented example that documents how to
configure it:
- *
+ * <p/>
* <pre><filter>
* <filter-name>JSecurityFilter</filter-name>
*
<filter-class>org.jsecurity.web.servlet.JSecurityFilter</
filter-class>
*
<init-param><param-name>config</param-
name><param-value>
- *
+ * <p/>
* #NOTE: This config looks pretty long - but its not - its only 5
lines
of actual config.
* # Everything else is just heavily commented to explain
things
in-depth. Feel free to delete any
* # comments that you don't want to read from your own
configuration ;)
* #
* # Any commented values below are JSecurity's defaults. If you
want to
change any values, you only
* # need to uncomment the lines you want to change.
- *
+ * <p/>
* [main]
* # The 'main' section defines JSecurity-wide configuration.
* #
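Review bot: the <p/> tags added on the formerly blank " *" lines fall inside the <pre> block that holds the sample filter configuration, so they put paragraph markup into the middle of the example that users copy from the Javadoc (for instance directly above [main]). This looks like an IDE reformat. Revert the Javadoc and indentation-only changes in this file, here and in the hunks below, or commit them separately from the functional change so the real diff is reviewable.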
@@ -69,7 +69,7 @@
* #
* #securityManager = {...@link
org.jsecurity.web.DefaultWebSecurityManager
org.jsecurity.web.DefaultWebSecurityManager}
* #securityManager.
{...@linkorg
.jsecurity.web.DefaultWebSecurityManager#setSessionMode(String)
sessionMode} = http
- *
+ * <p/>
* [filters]
* # This section defines the 'pool' of all Filters available to
the url
path definitions in the [urls] section below.
* #
@@ -112,7 +112,7 @@
* #
* # Define your own filters here. To properly handle url path
matching
(see the [urls] section below), your
* # filter should extend the {...@link
org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter}
abstract
class.
- *
+ * <p/>
* [urls]
* # This section defines url path mappings. Each mapping entry
must be
on a single line and conform to the
* # following representation:
@@ -158,14 +158,14 @@
* # the text between the brackets as two permissions:
'remote:invoke:lan' and 'wan' instead of the
* # single desired 'remote:invoke:lan,wan' token. So, you can use
quotes wherever you need to escape internal
* # commas.)
- *
+ * <p/>
* /account/** = <a href="#authcBasic">authcBasic</a>
* /remoting/** = <a href="#authcBasic">authcBasic</a>, <a
href="#roles">roles</a>[b2bClient], <a
href="#perms">perms</a>[remote:invoke:"lan,wan"]
- *
+ * <p/>
* </param-value></init-param>
* </filter>
- *
- *
+ * <p/>
+ * <p/>
* <filter-mapping>
* <filter-name>JSecurityFilter</filter-name>
* <url-pattern>/*</url-pattern>
@@ -185,7 +185,7 @@
public static final String CONFIG_INIT_PARAM_NAME = "config";
public static final String CONFIG_URL_INIT_PARAM_NAME =
"configUrl";
- private static final Log log =
LogFactory.getLog(JSecurityFilter.class);
+ private static final Log log =
LogFactory.getLog(JSecurityFilter.class);
protected String config;
protected String configUrl;
@@ -238,7 +238,7 @@
if (sm == null) {
if (log.isInfoEnabled()) {
log.info("Configuration instance [" + config + "] did
not provide a SecurityManager. No config " +
- "specified? Defaulting to a " +
DefaultWebSecurityManager.class.getName() + " instance...");
+ "specified? Defaulting to a " +
DefaultWebSecurityManager.class.getName() + " instance...");
}
sm = new DefaultWebSecurityManager();
}
@@ -255,8 +255,8 @@
this.configClassName = configCN;
} else {
String msg = "configClassName fully qualified class
name
value [" + configCN + "] is not " +
- "available in the classpath. Please
ensure you
have typed it correctly and the " +
- "corresponding class or jar is in the
classpath.";
+ "available in the classpath. Please ensure
you have
typed it correctly and the " +
+ "corresponding class or jar is in the
classpath.";
throw new ConfigurationException(msg);
}
}
@@ -277,7 +277,7 @@
protected void applyFilterConfig(WebConfiguration conf) {
if (log.isDebugEnabled()) {
String msg = "Attempting to inject the FilterConfig
(using
'setFilterConfig' method) into the " +
- "instantiated WebConfiguration for any wrapped
Filter initialization...";
+ "instantiated WebConfiguration for any wrapped
Filter
initialization...";
log.debug(msg);
}
try {
@@ -301,9 +301,9 @@
PropertyUtils.setProperty(conf, "config",
this.config);
} else {
String msg = "The 'config' filter param was
specified, but there is no " +
- "'setConfig(String)' method on the
Configuration instance [" + conf + "]. If you do " +
- "not require the 'config' filter param,
please comment it out, or if you do need it, " +
- "please ensure your Configuration
instance
has a 'setConfig(String)' method to receive it.";
+ "'setConfig(String)' method on the
Configuration
instance [" + conf + "]. If you do " +
+ "not require the 'config' filter param,
please
comment it out, or if you do need it, " +
+ "please ensure your Configuration
instance has a
'setConfig(String)' method to receive it.";
throw new ConfigurationException(msg);
}
} catch (Exception e) {
@@ -322,9 +322,9 @@
PropertyUtils.setProperty(conf, "configUrl",
this.configUrl);
} else {
String msg = "The 'configUrl' filter param was
specified, but there is no " +
- "'setConfigUrl(String)' method on the
Configuration instance [" + conf + "]. If you do " +
- "not require the 'configUrl' filter
param,
please comment it out, or if you do need it, " +
- "please ensure your Configuration
instance
has a 'setConfigUrl(String)' method to receive it.";
+ "'setConfigUrl(String)' method on the
Configuration instance [" + conf + "]. If you do " +
+ "not require the 'configUrl' filter param,
please comment it out, or if you do need it, " +
+ "please ensure your Configuration
instance has a
'setConfigUrl(String)' method to receive it.";
throw new ConfigurationException(msg);
}
} catch (Exception e) {
@@ -347,26 +347,69 @@
return WebUtils.getInetAddress(request);
}
- protected void doFilterInternal(ServletRequest servletRequest,
ServletResponse servletResponse,
- FilterChain origChain) throws
ServletException, IOException {
+ /**
+ * Wraps the original HttpServletRequest in a {...@link
JSecurityHttpServletRequest}
+ * @since 1.0
+ */
+ protected ServletRequest
wrapServletRequest(HttpServletRequest orig)
{
+ return new JSecurityHttpServletRequest(orig,
getServletContext(), isHttpSessions());
+ }
- HttpServletRequest request = (HttpServletRequest)
servletRequest;
- HttpServletResponse response = (HttpServletResponse)
servletResponse;
+ /** @since 1.0 */
+ protected ServletRequest prepareServletRequest(ServletRequest
request, ServletResponse response,
+ FilterChain
chain) {
+ ServletRequest toUse = request;
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest http = (HttpServletRequest) request;
+ toUse = wrapServletRequest(http);
+ }
+ return toUse;
+ }
- ThreadContext.bind(getInetAddress(request));
+ /** @since 1.0 */
+ protected ServletResponse
wrapServletResponse(HttpServletResponse
orig, JSecurityHttpServletRequest request) {
+ return new JSecurityHttpServletResponse(orig,
getServletContext(), request);
+ }
- boolean httpSessions = isHttpSessions();
- request = new JSecurityHttpServletRequest(request,
getServletContext(), httpSessions);
- if (!httpSessions) {
+ /** @since 1.0 */
+ protected ServletResponse prepareServletResponse(ServletRequest
request, ServletResponse response,
+ FilterChain
chain)
{
+ ServletResponse toUse = response;
+ if (isHttpSessions() && (request instanceof
JSecurityHttpServletRequest) &&
+ (response instanceof HttpServletResponse)) {
//the JSecurityHttpServletResponse exists to support URL
rewriting for session ids. This is only needed if
//using JSecurity sessions (i.e. not simple HttpSession
based
sessions):
- response = new JSecurityHttpServletResponse(response,
getServletContext(), (JSecurityHttpServletRequest) request);
+ toUse = wrapServletResponse((HttpServletResponse)
response,
(JSecurityHttpServletRequest) request);
}
+ return toUse;
+ }
+ /** @since 1.0 */
+ protected void bind(ServletRequest request, ServletResponse
response) {
+ WebUtils.bindInetAddressToThread(request);
WebUtils.bind(request);
WebUtils.bind(response);
ThreadContext.bind(getSecurityManager());
ThreadContext.bind(getSecurityManager().getSubject());
+ }
+
+ /** @since 1.0 */
+ protected void unbind(ServletRequest request, ServletResponse
response) {
+ //arguments ignored, just clear the thread:
+ ThreadContext.unbindSubject();
+ ThreadContext.unbindSecurityManager();
+ WebUtils.unbindServletResponse();
+ WebUtils.unbindServletRequest();
+ ThreadContext.unbindInetAddress();
+ }
+
+ protected void doFilterInternal(ServletRequest servletRequest,
ServletResponse servletResponse,
+ FilterChain origChain) throws
ServletException, IOException {
+
+ ServletRequest request =
prepareServletRequest(servletRequest,
servletResponse, origChain);
+ ServletResponse response = prepareServletResponse(request,
servletResponse, origChain);
+
+ bind(request, response);
FilterChain chain = getConfiguration().getChain(request,
response, origChain);
if (chain == null) {
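Review bot: the condition in prepareServletResponse inverts the original check. The removed code wrapped the response when "!httpSessions", and the retained comment still says the wrapper is only needed when using JSecurity sessions, but the new test starts with "isHttpSessions() &&", so the session-id URL rewriting wrapper is now applied in HttpSession mode and skipped in JSecurity session mode. It should start with "!isHttpSessions() &&". Separately, bind() calls WebUtils.bindInetAddressToThread(request) where the old code used ThreadContext.bind(getInetAddress(request)), so the filter's own getInetAddress(request) is no longer consulted; confirm that is intended.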
@@ -383,11 +426,7 @@
try {
chain.doFilter(request, response);
} finally {
- ThreadContext.unbindSubject();
- ThreadContext.unbindSecurityManager();
- WebUtils.unbindServletResponse();
- WebUtils.unbindServletRequest();
- ThreadContext.unbindInetAddress();
+ unbind(request, response);
}
}
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
URL:
http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff
=====================================================================
---
incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
DefaultWebSessionManager.java
(original)
+++
incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
DefaultWebSessionManager.java
Tue Feb 17 15:24:02 2009
@@ -229,7 +229,8 @@
return sessionId;
}
- public Session retrieveSession(Serializable sessionId) throws
InvalidSessionException, AuthorizationException {
+ @Override
+ protected Session retrieveSession(Serializable sessionId)
throws
InvalidSessionException, AuthorizationException {
if (sessionId != null) {
return super.retrieveSession(sessionId);
} else {
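Review bot: retrieveSession goes from public to protected in the same change that adds @Override, which narrows what callers outside the class hierarchy and package can reach, and the log message does not mention it. Code that called retrieveSession(sessionId) directly on a DefaultWebSessionManager will stop compiling. Call the visibility change out in the commit log, or keep a public entry point if external lookup by session id is still meant to be supported.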
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com