Yep, I've been using it in 8 - its really great! Much better than before :)
On Wed, Feb 18, 2009 at 1:03 AM, David O'Flynn <[email protected]>wrote: > We've found some issues with that for larger products. > > IDEA's mvn integration has gotten a lot better in v8. You can open the > pom.xml directly from IDEA, and IDEA is also happy to use mvn for building > the project too. > > > > > On 18/02/2009, at 4:20 PM, Alan D. Cabrera wrote: > > Easy enough to fix: >> >> mvn idea:idea >> >> >> :D >> >> >> Regards, >> Alan >> >> On Feb 17, 2009, at 7:43 AM, Les Hazlewood wrote: >> >> This was a result of me hosing something with my own installation that I >>> didn't understand. The easiest thing to do was to remove and replace >>> once I >>> got it up and running - I didn't want to waste time investigating how I >>> broke it. This is the first time I've seen this issue in 4 years, and >>> odds >>> are very high it is because of user error :) >>> >>> On Tue, Feb 17, 2009 at 10:29 AM, Emmanuel Lecharny < >>> [email protected]>wrote: >>> >>> I don't get it ... >>>> >>>> Either the project files are a (temporarily) hassle, and then you just >>>> need to remove them completely, and you don't have to inject them back >>>> (remind me a previous convo ;), or you keep them in svn, add some >>>> svn:ignore flags locally and remove them from your disk, and when they >>>> are fixed, you remove the svn:ignore property. That should do the >>>> trick, IMO? >>>> >>>> On Tue, Feb 17, 2009 at 4:24 PM, <[email protected]> wrote: >>>> >>>>> Author: lhazlewood >>>>> Date: Tue Feb 17 15:24:02 2009 >>>>> New Revision: 745117 >>>>> >>>>> URL: http://svn.apache.org/viewvc?rev=745117&view=rev >>>>> Log: >>>>> removing project files for now (seeing errors in my IDE) - will re-add >>>>> >>>> them after cleanup. Also added some utility methods to reduce method >>>> complexity >>>> >>>>> >>>>> Removed: >>>>> incubator/jsecurity/trunk/jsecurity.iml >>>>> incubator/jsecurity/trunk/jsecurity.ipr >>>>> incubator/jsecurity/trunk/samples/quickstart/quickstart.iml >>>>> incubator/jsecurity/trunk/samples/standalone/standalone.iml >>>>> Modified: >>>>> >>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java >>>> >>>>> >>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java >>>> >>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java >>>>> >>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java >>>> >>>>> >>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java >>>> >>>>> >>>>> Modified: >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java >>>> >>>>> URL: >>>>> >>>> >>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff >>>> >>>>> >>>>> ============================================================================== >>>> >>>>> --- >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java >>>> (original) >>>> >>>>> +++ >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java >>>> Tue Feb 17 15:24:02 2009 >>>> >>>>> @@ -75,7 +75,7 @@ >>>>> this(); >>>>> setRealms(realms); >>>>> } >>>>> - >>>>> + >>>>> /** >>>>> * Sets the path used to store the remember me cookie. This >>>>> >>>> determines which paths >>>> >>>>> * are able to view the remember me cookie. >>>>> @@ -149,7 +149,6 @@ >>>>> LifecycleUtils.destroy(getSessionManager()); >>>>> WebSessionManager sessionManager = >>>>> >>>> createSessionManager(mode); >>>> >>>>> setSessionManager(sessionManager); >>>>> - setSubjectFactory(new WebSubjectFactory(this, >>>>> >>>> sessionManager)); >>>> >>>>> } >>>>> } >>>>> >>>>> >>>>> Modified: >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java >>>> >>>>> URL: >>>>> >>>> >>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff >>>> >>>>> >>>>> ============================================================================== >>>> >>>>> --- >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java >>>> (original) >>>> >>>>> +++ >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java >>>> Tue Feb 17 15:24:02 2009 >>>> >>>>> @@ -85,9 +85,14 @@ >>>>> } >>>>> >>>>> protected Session getWebSession() { >>>>> - ServletRequest request = WebUtils.getRequiredServletRequest(); >>>>> - ServletResponse response = >>>>> >>>> WebUtils.getRequiredServletResponse(); >>>> >>>>> - return getWebSessionManager().getSession(request, response); >>>>> + ServletRequest request = WebUtils.getServletRequest(); >>>>> + ServletResponse response = WebUtils.getServletResponse(); >>>>> + if ( request == null || response == null ) { >>>>> + //no current web request - probably a remote method >>>>> >>>> invocation that didn't come in via a servlet request: >>>> >>>>> + return null; >>>>> + } else { >>>>> + return getWebSessionManager().getSession(request, >>>>> response); >>>>> + } >>>>> } >>>>> >>>>> @Override >>>>> @@ -110,7 +115,10 @@ >>>>> >>>>> InetAddress inet = inetAddress; >>>>> if (inet == null) { >>>>> - inet = >>>>> >>>> WebUtils.getInetAddress(WebUtils.getRequiredServletRequest()); >>>> >>>>> + ServletRequest request = WebUtils.getServletRequest(); >>>>> + if ( request != null ) { >>>>> + inet = WebUtils.getInetAddress(request); >>>>> + } >>>>> } >>>>> >>>>> return super.createSubject(pc, session, authc, inet); >>>>> >>>>> Modified: >>>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java >>>> >>>>> URL: >>>>> >>>> >>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff >>>> >>>>> >>>>> ============================================================================== >>>> >>>>> --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java >>>>> >>>> (original) >>>> >>>>> +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java >>>>> Tue >>>>> >>>> Feb 17 15:24:02 2009 >>>> >>>>> @@ -305,6 +305,29 @@ >>>>> } >>>>> >>>>> /** >>>>> + * Returns the current thread-bound {...@code ServletRequest} or >>>>> {...@code >>>>> >>>> null} if there is not one bound. >>>> >>>>> + * <p/> >>>>> + * It is the case in certain enterprise environments where a >>>>> >>>> web-enabled SecurityManager (and its internal mechanisms) >>>> >>>>> + * is the primary SecurityManager but also serves as a 'central' >>>>> >>>> coordinator for security operations in a cluster. >>>> >>>>> + * In these environments, it is possible for a web-enabled >>>>> >>>> SecurityManager to receive remote method invocations that >>>> >>>>> + * are not HTTP based. >>>>> + * <p/> >>>>> + * In these environments, we need to acquire a thread-bound >>>>> >>>> ServletRequest if it exists, but >>>> >>>>> + * not throw an exception if one is not found (with the assumption >>>>> >>>> that the incoming call is not a web request but >>>> >>>>> + * instead a remote method invocation). This method exists to >>>>> >>>> support these environments, whereas the >>>> >>>>> + * {...@link #getRequiredServletRequest() >>>>> getRequiredServletRequest()} >>>>> >>>> method always assumes a >>>> >>>>> + * servlet-only environment. >>>>> + * <p/> >>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists >>>>> for >>>>> >>>> JSecurity implementation requirements only. >>>> >>>>> + * >>>>> + * @return the current thread-bound {...@code ServletRequest} or >>>>> {...@code >>>>> >>>> null} if there is not one bound. >>>> >>>>> + * @since 1.0 >>>>> + */ >>>>> + public static ServletRequest getServletRequest() { >>>>> + return (ServletRequest) >>>>> ThreadContext.get(SERVLET_REQUEST_KEY); >>>>> + } >>>>> + >>>>> + /** >>>>> * Convenience method that simplifies retrieval of a required >>>>> >>>> thread-bound ServletRequest. If there is no >>>> >>>>> * ServletRequest bound to the thread when this method is called, an >>>>> >>>> <code>IllegalStateException</code> is >>>> >>>>> * thrown. >>>>> @@ -368,6 +391,29 @@ >>>>> } >>>>> >>>>> /** >>>>> + * Returns the current thread-bound {...@code ServletResponse} or >>>>> >>>> {...@code null} if there is not one bound. >>>> >>>>> + * <p/> >>>>> + * It is the case in certain enterprise environments where a >>>>> >>>> web-enabled SecurityManager (and its internal mechanisms) >>>> >>>>> + * is the primary SecurityManager but also serves as a 'central' >>>>> >>>> coordinator for security operations in a cluster. >>>> >>>>> + * In these environments, it is possible for a web-enabled >>>>> >>>> SecurityManager to receive remote method invocations that >>>> >>>>> + * are not HTTP based. >>>>> + * <p/> >>>>> + * In these environments, we need to acquire a thread-bound >>>>> >>>> ServletResponse if it exists, but >>>> >>>>> + * not throw an exception if one is not found (with the assumption >>>>> >>>> that the incoming call is not a web request but >>>> >>>>> + * instead a remote method invocation). This method exists to >>>>> >>>> support these environments, whereas the >>>> >>>>> + * {...@link #getRequiredServletResponse() >>>>> >>>> getRequiredServletResponse()} method always assumes a >>>> >>>>> + * servlet-only environment. >>>>> + * <p/> >>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists >>>>> for >>>>> >>>> JSecurity implementation requirements only. >>>> >>>>> + * >>>>> + * @return the current thread-bound {...@code ServletResponse} or >>>>> >>>> {...@code null} if there is not one bound. >>>> >>>>> + * @since 1.0 >>>>> + */ >>>>> + public static ServletResponse getServletResponse() { >>>>> + return (ServletResponse) >>>>> >>>> ThreadContext.get(SERVLET_RESPONSE_KEY); >>>> >>>>> + } >>>>> + >>>>> + /** >>>>> * Convenience method that simplifies retrieval of a required >>>>> >>>> thread-bound ServletResponse. If there is no >>>> >>>>> * ServletResponse bound to the thread when this method is called, an >>>>> >>>> <code>IllegalStateException</code> is >>>> >>>>> * thrown. >>>>> >>>>> Modified: >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java >>>> >>>>> URL: >>>>> >>>> >>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff >>>> >>>>> >>>>> ============================================================================== >>>> >>>>> --- >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java >>>> (original) >>>> >>>>> +++ >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java >>>> Tue Feb 17 15:24:02 2009 >>>> >>>>> @@ -42,21 +42,21 @@ >>>>> >>>>> /** >>>>> * Main ServletFilter that configures and enables all JSecurity >>>>> functions >>>>> >>>> within a web application. >>>> >>>>> - * >>>>> + * <p/> >>>>> * The following is a fully commented example that documents how to >>>>> >>>> configure it: >>>> >>>>> - * >>>>> + * <p/> >>>>> * <pre><filter> >>>>> * <filter-name>JSecurityFilter</filter-name> >>>>> * >>>>> >>>> >>>> <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class> >>>> >>>>> * >>>>> >>>> >>>> <init-param><param-name>config</param-name><param-value> >>>> >>>>> - * >>>>> + * <p/> >>>>> * #NOTE: This config looks pretty long - but its not - its only 5 >>>>> lines >>>>> >>>> of actual config. >>>> >>>>> * # Everything else is just heavily commented to explain things >>>>> >>>> in-depth. Feel free to delete any >>>> >>>>> * # comments that you don't want to read from your own >>>>> >>>> configuration ;) >>>> >>>>> * # >>>>> * # Any commented values below are JSecurity's defaults. If you want >>>>> to >>>>> >>>> change any values, you only >>>> >>>>> * # need to uncomment the lines you want to change. >>>>> - * >>>>> + * <p/> >>>>> * [main] >>>>> * # The 'main' section defines JSecurity-wide configuration. >>>>> * # >>>>> @@ -69,7 +69,7 @@ >>>>> * # >>>>> * #securityManager = {...@link org.jsecurity.web.DefaultWebSecurityManager >>>>> >>>> org.jsecurity.web.DefaultWebSecurityManager} >>>> >>>>> * #securitymanage...@linkorg.jsecurity.web.defaultwebsecuritymanager >>>>> #setSessionMode(String) >>>>> >>>> sessionMode} = http >>>> >>>>> - * >>>>> + * <p/> >>>>> * [filters] >>>>> * # This section defines the 'pool' of all Filters available to the url >>>>> >>>> path definitions in the [urls] section below. >>>> >>>>> * # >>>>> @@ -112,7 +112,7 @@ >>>>> * # >>>>> * # Define your own filters here. To properly handle url path matching >>>>> >>>> (see the [urls] section below), your >>>> >>>>> * # filter should extend the {...@link >>>>> >>>> org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter} abstract >>>> class. >>>> >>>>> - * >>>>> + * <p/> >>>>> * [urls] >>>>> * # This section defines url path mappings. Each mapping entry must be >>>>> >>>> on a single line and conform to the >>>> >>>>> * # following representation: >>>>> @@ -158,14 +158,14 @@ >>>>> * # the text between the brackets as two permissions: >>>>> >>>> 'remote:invoke:lan' and 'wan' instead of the >>>> >>>>> * # single desired 'remote:invoke:lan,wan' token. So, you can use >>>>> >>>> quotes wherever you need to escape internal >>>> >>>>> * # commas.) >>>>> - * >>>>> + * <p/> >>>>> * /account/** = <a href="#authcBasic">authcBasic</a> >>>>> * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a >>>>> >>>> href="#roles">roles</a>[b2bClient], <a >>>> href="#perms">perms</a>[remote:invoke:"lan,wan"] >>>> >>>>> - * >>>>> + * <p/> >>>>> * </param-value></init-param> >>>>> * </filter> >>>>> - * >>>>> - * >>>>> + * <p/> >>>>> + * <p/> >>>>> * <filter-mapping> >>>>> * <filter-name>JSecurityFilter</filter-name> >>>>> * <url-pattern>/*</url-pattern> >>>>> @@ -185,7 +185,7 @@ >>>>> public static final String CONFIG_INIT_PARAM_NAME = "config"; >>>>> public static final String CONFIG_URL_INIT_PARAM_NAME = "configUrl"; >>>>> >>>>> - private static final Log log = >>>>> >>>> LogFactory.getLog(JSecurityFilter.class); >>>> >>>>> + private static final Log log = >>>>> >>>> LogFactory.getLog(JSecurityFilter.class); >>>> >>>>> >>>>> protected String config; >>>>> protected String configUrl; >>>>> @@ -238,7 +238,7 @@ >>>>> if (sm == null) { >>>>> if (log.isInfoEnabled()) { >>>>> log.info("Configuration instance [" + config + "] did >>>>> >>>> not provide a SecurityManager. No config " + >>>> >>>>> - "specified? Defaulting to a " + >>>>> >>>> DefaultWebSecurityManager.class.getName() + " instance..."); >>>> >>>>> + "specified? Defaulting to a " + >>>>> >>>> DefaultWebSecurityManager.class.getName() + " instance..."); >>>> >>>>> } >>>>> sm = new DefaultWebSecurityManager(); >>>>> } >>>>> @@ -255,8 +255,8 @@ >>>>> this.configClassName = configCN; >>>>> } else { >>>>> String msg = "configClassName fully qualified class name >>>>> >>>> value [" + configCN + "] is not " + >>>> >>>>> - "available in the classpath. Please ensure >>>>> you >>>>> >>>> have typed it correctly and the " + >>>> >>>>> - "corresponding class or jar is in the >>>>> >>>> classpath."; >>>> >>>>> + "available in the classpath. Please ensure you >>>>> have >>>>> >>>> typed it correctly and the " + >>>> >>>>> + "corresponding class or jar is in the classpath."; >>>>> throw new ConfigurationException(msg); >>>>> } >>>>> } >>>>> @@ -277,7 +277,7 @@ >>>>> protected void applyFilterConfig(WebConfiguration conf) { >>>>> if (log.isDebugEnabled()) { >>>>> String msg = "Attempting to inject the FilterConfig (using >>>>> >>>> 'setFilterConfig' method) into the " + >>>> >>>>> - "instantiated WebConfiguration for any wrapped >>>>> >>>> Filter initialization..."; >>>> >>>>> + "instantiated WebConfiguration for any wrapped Filter >>>>> >>>> initialization..."; >>>> >>>>> log.debug(msg); >>>>> } >>>>> try { >>>>> @@ -301,9 +301,9 @@ >>>>> PropertyUtils.setProperty(conf, "config", >>>>> >>>> this.config); >>>> >>>>> } else { >>>>> String msg = "The 'config' filter param was >>>>> >>>> specified, but there is no " + >>>> >>>>> - "'setConfig(String)' method on the >>>>> >>>> Configuration instance [" + conf + "]. If you do " + >>>> >>>>> - "not require the 'config' filter param, >>>>> >>>> please comment it out, or if you do need it, " + >>>> >>>>> - "please ensure your Configuration instance >>>>> >>>> has a 'setConfig(String)' method to receive it."; >>>> >>>>> + "'setConfig(String)' method on the >>>>> Configuration >>>>> >>>> instance [" + conf + "]. If you do " + >>>> >>>>> + "not require the 'config' filter param, please >>>>> >>>> comment it out, or if you do need it, " + >>>> >>>>> + "please ensure your Configuration instance has >>>>> a >>>>> >>>> 'setConfig(String)' method to receive it."; >>>> >>>>> throw new ConfigurationException(msg); >>>>> } >>>>> } catch (Exception e) { >>>>> @@ -322,9 +322,9 @@ >>>>> PropertyUtils.setProperty(conf, "configUrl", >>>>> >>>> this.configUrl); >>>> >>>>> } else { >>>>> String msg = "The 'configUrl' filter param was >>>>> >>>> specified, but there is no " + >>>> >>>>> - "'setConfigUrl(String)' method on the >>>>> >>>> Configuration instance [" + conf + "]. If you do " + >>>> >>>>> - "not require the 'configUrl' filter param, >>>>> >>>> please comment it out, or if you do need it, " + >>>> >>>>> - "please ensure your Configuration instance >>>>> >>>> has a 'setConfigUrl(String)' method to receive it."; >>>> >>>>> + "'setConfigUrl(String)' method on the >>>>> >>>> Configuration instance [" + conf + "]. If you do " + >>>> >>>>> + "not require the 'configUrl' filter param, >>>>> >>>> please comment it out, or if you do need it, " + >>>> >>>>> + "please ensure your Configuration instance has >>>>> a >>>>> >>>> 'setConfigUrl(String)' method to receive it."; >>>> >>>>> throw new ConfigurationException(msg); >>>>> } >>>>> } catch (Exception e) { >>>>> @@ -347,26 +347,69 @@ >>>>> return WebUtils.getInetAddress(request); >>>>> } >>>>> >>>>> - protected void doFilterInternal(ServletRequest servletRequest, >>>>> >>>> ServletResponse servletResponse, >>>> >>>>> - FilterChain origChain) throws >>>>> >>>> ServletException, IOException { >>>> >>>>> + /** >>>>> + * Wraps the original HttpServletRequest in a {...@link >>>>> >>>> JSecurityHttpServletRequest} >>>> >>>>> + * @since 1.0 >>>>> + */ >>>>> + protected ServletRequest wrapServletRequest(HttpServletRequest >>>>> orig) >>>>> >>>> { >>>> >>>>> + return new JSecurityHttpServletRequest(orig, >>>>> >>>> getServletContext(), isHttpSessions()); >>>> >>>>> + } >>>>> >>>>> - HttpServletRequest request = (HttpServletRequest) >>>>> >>>> servletRequest; >>>> >>>>> - HttpServletResponse response = (HttpServletResponse) >>>>> >>>> servletResponse; >>>> >>>>> + /** @since 1.0 */ >>>>> + protected ServletRequest prepareServletRequest(ServletRequest >>>>> >>>> request, ServletResponse response, >>>> >>>>> + FilterChain chain) >>>>> { >>>>> + ServletRequest toUse = request; >>>>> + if (request instanceof HttpServletRequest) { >>>>> + HttpServletRequest http = (HttpServletRequest) request; >>>>> + toUse = wrapServletRequest(http); >>>>> + } >>>>> + return toUse; >>>>> + } >>>>> >>>>> - ThreadContext.bind(getInetAddress(request)); >>>>> + /** @since 1.0 */ >>>>> + protected ServletResponse wrapServletResponse(HttpServletResponse >>>>> >>>> orig, JSecurityHttpServletRequest request) { >>>> >>>>> + return new JSecurityHttpServletResponse(orig, >>>>> >>>> getServletContext(), request); >>>> >>>>> + } >>>>> >>>>> - boolean httpSessions = isHttpSessions(); >>>>> - request = new JSecurityHttpServletRequest(request, >>>>> >>>> getServletContext(), httpSessions); >>>> >>>>> - if (!httpSessions) { >>>>> + /** @since 1.0 */ >>>>> + protected ServletResponse prepareServletResponse(ServletRequest >>>>> >>>> request, ServletResponse response, >>>> >>>>> + FilterChain >>>>> chain) >>>>> >>>> { >>>> >>>>> + ServletResponse toUse = response; >>>>> + if (isHttpSessions() && (request instanceof >>>>> >>>> JSecurityHttpServletRequest) && >>>> >>>>> + (response instanceof HttpServletResponse)) { >>>>> //the JSecurityHttpServletResponse exists to support URL >>>>> >>>> rewriting for session ids. This is only needed if >>>> >>>>> //using JSecurity sessions (i.e. not simple HttpSession based >>>>> >>>> sessions): >>>> >>>>> - response = new JSecurityHttpServletResponse(response, >>>>> >>>> getServletContext(), (JSecurityHttpServletRequest) request); >>>> >>>>> + toUse = wrapServletResponse((HttpServletResponse) >>>>> response, >>>>> >>>> (JSecurityHttpServletRequest) request); >>>> >>>>> } >>>>> + return toUse; >>>>> + } >>>>> >>>>> + /** @since 1.0 */ >>>>> + protected void bind(ServletRequest request, ServletResponse >>>>> >>>> response) { >>>> >>>>> + WebUtils.bindInetAddressToThread(request); >>>>> WebUtils.bind(request); >>>>> WebUtils.bind(response); >>>>> ThreadContext.bind(getSecurityManager()); >>>>> ThreadContext.bind(getSecurityManager().getSubject()); >>>>> + } >>>>> + >>>>> + /** @since 1.0 */ >>>>> + protected void unbind(ServletRequest request, ServletResponse >>>>> >>>> response) { >>>> >>>>> + //arguments ignored, just clear the thread: >>>>> + ThreadContext.unbindSubject(); >>>>> + ThreadContext.unbindSecurityManager(); >>>>> + WebUtils.unbindServletResponse(); >>>>> + WebUtils.unbindServletRequest(); >>>>> + ThreadContext.unbindInetAddress(); >>>>> + } >>>>> + >>>>> + protected void doFilterInternal(ServletRequest servletRequest, >>>>> >>>> ServletResponse servletResponse, >>>> >>>>> + FilterChain origChain) throws >>>>> >>>> ServletException, IOException { >>>> >>>>> + >>>>> + ServletRequest request = prepareServletRequest(servletRequest, >>>>> >>>> servletResponse, origChain); >>>> >>>>> + ServletResponse response = prepareServletResponse(request, >>>>> >>>> servletResponse, origChain); >>>> >>>>> + >>>>> + bind(request, response); >>>>> >>>>> FilterChain chain = getConfiguration().getChain(request, >>>>> >>>> response, origChain); >>>> >>>>> if (chain == null) { >>>>> @@ -383,11 +426,7 @@ >>>>> try { >>>>> chain.doFilter(request, response); >>>>> } finally { >>>>> - ThreadContext.unbindSubject(); >>>>> - ThreadContext.unbindSecurityManager(); >>>>> - WebUtils.unbindServletResponse(); >>>>> - WebUtils.unbindServletRequest(); >>>>> - ThreadContext.unbindInetAddress(); >>>>> + unbind(request, response); >>>>> } >>>>> } >>>>> >>>>> >>>>> Modified: >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java >>>> >>>>> URL: >>>>> >>>> >>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff >>>> >>>>> >>>>> ============================================================================== >>>> >>>>> --- >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java >>>> (original) >>>> >>>>> +++ >>>>> >>>> >>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java >>>> Tue Feb 17 15:24:02 2009 >>>> >>>>> @@ -229,7 +229,8 @@ >>>>> return sessionId; >>>>> } >>>>> >>>>> - public Session retrieveSession(Serializable sessionId) throws >>>>> >>>> InvalidSessionException, AuthorizationException { >>>> >>>>> + @Override >>>>> + protected Session retrieveSession(Serializable sessionId) throws >>>>> >>>> InvalidSessionException, AuthorizationException { >>>> >>>>> if (sessionId != null) { >>>>> return super.retrieveSession(sessionId); >>>>> } else { >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Cordialement, >>>> Emmanuel Lécharny >>>> www.iktek.com >>>> >>>> >> >
