You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Alan D. Cabrera" <li...@toolazydogs.com> on 2009/02/18 06:20:17 UTC
Re: svn commit: r745117 - in /incubator/jsecurity/trunk: ./ samples/quickstart/ samples/standalone/ web/src/org/jsecurity/web/ web/src/org/jsecurity/web/servlet/ web/src/org/jsecurity/web/session/
Easy enough to fix:
mvn idea:idea
:D
Regards,
Alan
On Feb 17, 2009, at 7:43 AM, Les Hazlewood wrote:
> This was a result of me hosing something with my own installation
> that I
> didn't understand. The easiest thing to do was to remove and
> replace once I
> got it up and running - I didn't want to waste time investigating
> how I
> broke it. This is the first time I've seen this issue in 4 years,
> and odds
> are very high it is because of user error :)
>
> On Tue, Feb 17, 2009 at 10:29 AM, Emmanuel Lecharny <elecharny@apache.org
> >wrote:
>
>> I don't get it ...
>>
>> Either the project files are a (temporarily) hassle, and then you
>> just
>> need to remove them completely, and you don't have to inject them
>> back
>> (remind me a previous convo ;), or you keep them in svn, add some
>> svn:ignore flags locally and remove them from your disk, and when
>> they
>> are fixed, you remove the svn:ignore property. That should do the
>> trick, IMO?
>>
>> On Tue, Feb 17, 2009 at 4:24 PM, <lh...@apache.org> wrote:
>>> Author: lhazlewood
>>> Date: Tue Feb 17 15:24:02 2009
>>> New Revision: 745117
>>>
>>> URL: http://svn.apache.org/viewvc?rev=745117&view=rev
>>> Log:
>>> removing project files for now (seeing errors in my IDE) - will re-
>>> add
>> them after cleanup. Also added some utility methods to reduce method
>> complexity
>>>
>>> Removed:
>>> incubator/jsecurity/trunk/jsecurity.iml
>>> incubator/jsecurity/trunk/jsecurity.ipr
>>> incubator/jsecurity/trunk/samples/quickstart/quickstart.iml
>>> incubator/jsecurity/trunk/samples/standalone/standalone.iml
>>> Modified:
>>>
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> DefaultWebSecurityManager.java
>>>
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> WebSubjectFactory.java
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>> JSecurityFilter.java
>>>
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>> DefaultWebSessionManager.java
>>>
>>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> DefaultWebSecurityManager.java
>>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>>> ---
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> DefaultWebSecurityManager.java
>> (original)
>>> +++
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> DefaultWebSecurityManager.java
>> Tue Feb 17 15:24:02 2009
>>> @@ -75,7 +75,7 @@
>>> this();
>>> setRealms(realms);
>>> }
>>> -
>>> +
>>> /**
>>> * Sets the path used to store the remember me cookie. This
>> determines which paths
>>> * are able to view the remember me cookie.
>>> @@ -149,7 +149,6 @@
>>> LifecycleUtils.destroy(getSessionManager());
>>> WebSessionManager sessionManager =
>> createSessionManager(mode);
>>> setSessionManager(sessionManager);
>>> - setSubjectFactory(new WebSubjectFactory(this,
>> sessionManager));
>>> }
>>> }
>>>
>>>
>>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> WebSubjectFactory.java
>>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff
>>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>>> ---
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> WebSubjectFactory.java
>> (original)
>>> +++
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>> WebSubjectFactory.java
>> Tue Feb 17 15:24:02 2009
>>> @@ -85,9 +85,14 @@
>>> }
>>>
>>> protected Session getWebSession() {
>>> - ServletRequest request =
>>> WebUtils.getRequiredServletRequest();
>>> - ServletResponse response =
>> WebUtils.getRequiredServletResponse();
>>> - return getWebSessionManager().getSession(request,
>>> response);
>>> + ServletRequest request = WebUtils.getServletRequest();
>>> + ServletResponse response = WebUtils.getServletResponse();
>>> + if ( request == null || response == null ) {
>>> + //no current web request - probably a remote method
>> invocation that didn't come in via a servlet request:
>>> + return null;
>>> + } else {
>>> + return getWebSessionManager().getSession(request,
>>> response);
>>> + }
>>> }
>>>
>>> @Override
>>> @@ -110,7 +115,10 @@
>>>
>>> InetAddress inet = inetAddress;
>>> if (inet == null) {
>>> - inet =
>> WebUtils.getInetAddress(WebUtils.getRequiredServletRequest());
>>> + ServletRequest request = WebUtils.getServletRequest();
>>> + if ( request != null ) {
>>> + inet = WebUtils.getInetAddress(request);
>>> + }
>>> }
>>>
>>> return super.createSubject(pc, session, authc, inet);
>>>
>>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff
>>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>>> --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebUtils.java
>> (original)
>>> +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebUtils.java Tue
>> Feb 17 15:24:02 2009
>>> @@ -305,6 +305,29 @@
>>> }
>>>
>>> /**
>>> + * Returns the current thread-bound {@code ServletRequest} or
>>> {@code
>> null} if there is not one bound.
>>> + * <p/>
>>> + * It is the case in certain enterprise environments where a
>> web-enabled SecurityManager (and its internal mechanisms)
>>> + * is the primary SecurityManager but also serves as a
>>> 'central'
>> coordinator for security operations in a cluster.
>>> + * In these environments, it is possible for a web-enabled
>> SecurityManager to receive remote method invocations that
>>> + * are not HTTP based.
>>> + * <p/>
>>> + * In these environments, we need to acquire a thread-bound
>> ServletRequest if it exists, but
>>> + * not throw an exception if one is not found (with the
>>> assumption
>> that the incoming call is not a web request but
>>> + * instead a remote method invocation). This method exists to
>> support these environments, whereas the
>>> + * {@link #getRequiredServletRequest()
>>> getRequiredServletRequest()}
>> method always assumes a
>>> + * servlet-only environment.
>>> + * <p/>
>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
>>> exists for
>> JSecurity implementation requirements only.
>>> + *
>>> + * @return the current thread-bound {@code ServletRequest} or
>>> {@code
>> null} if there is not one bound.
>>> + * @since 1.0
>>> + */
>>> + public static ServletRequest getServletRequest() {
>>> + return (ServletRequest)
>>> ThreadContext.get(SERVLET_REQUEST_KEY);
>>> + }
>>> +
>>> + /**
>>> * Convenience method that simplifies retrieval of a required
>> thread-bound ServletRequest. If there is no
>>> * ServletRequest bound to the thread when this method is
>>> called, an
>> <code>IllegalStateException</code> is
>>> * thrown.
>>> @@ -368,6 +391,29 @@
>>> }
>>>
>>> /**
>>> + * Returns the current thread-bound {@code ServletResponse} or
>> {@code null} if there is not one bound.
>>> + * <p/>
>>> + * It is the case in certain enterprise environments where a
>> web-enabled SecurityManager (and its internal mechanisms)
>>> + * is the primary SecurityManager but also serves as a
>>> 'central'
>> coordinator for security operations in a cluster.
>>> + * In these environments, it is possible for a web-enabled
>> SecurityManager to receive remote method invocations that
>>> + * are not HTTP based.
>>> + * <p/>
>>> + * In these environments, we need to acquire a thread-bound
>> ServletResponse if it exists, but
>>> + * not throw an exception if one is not found (with the
>>> assumption
>> that the incoming call is not a web request but
>>> + * instead a remote method invocation). This method exists to
>> support these environments, whereas the
>>> + * {@link #getRequiredServletResponse()
>> getRequiredServletResponse()} method always assumes a
>>> + * servlet-only environment.
>>> + * <p/>
>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
>>> exists for
>> JSecurity implementation requirements only.
>>> + *
>>> + * @return the current thread-bound {@code ServletResponse} or
>> {@code null} if there is not one bound.
>>> + * @since 1.0
>>> + */
>>> + public static ServletResponse getServletResponse() {
>>> + return (ServletResponse)
>> ThreadContext.get(SERVLET_RESPONSE_KEY);
>>> + }
>>> +
>>> + /**
>>> * Convenience method that simplifies retrieval of a required
>> thread-bound ServletResponse. If there is no
>>> * ServletResponse bound to the thread when this method is
>>> called, an
>> <code>IllegalStateException</code> is
>>> * thrown.
>>>
>>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>> JSecurityFilter.java
>>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff
>>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>>> ---
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>> JSecurityFilter.java
>> (original)
>>> +++
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>> JSecurityFilter.java
>> Tue Feb 17 15:24:02 2009
>>> @@ -42,21 +42,21 @@
>>>
>>> /**
>>> * Main ServletFilter that configures and enables all JSecurity
>>> functions
>> within a web application.
>>> - *
>>> + * <p/>
>>> * The following is a fully commented example that documents how to
>> configure it:
>>> - *
>>> + * <p/>
>>> * <pre><filter>
>>> * <filter-name>JSecurityFilter</filter-name>
>>> *
>> <filter-class>org.jsecurity.web.servlet.JSecurityFilter</
>> filter-class>
>>> *
>> <init-param><param-name>config</param-
>> name><param-value>
>>> - *
>>> + * <p/>
>>> * #NOTE: This config looks pretty long - but its not - its only 5
>>> lines
>> of actual config.
>>> * # Everything else is just heavily commented to explain
>>> things
>> in-depth. Feel free to delete any
>>> * # comments that you don't want to read from your own
>> configuration ;)
>>> * #
>>> * # Any commented values below are JSecurity's defaults. If you
>>> want to
>> change any values, you only
>>> * # need to uncomment the lines you want to change.
>>> - *
>>> + * <p/>
>>> * [main]
>>> * # The 'main' section defines JSecurity-wide configuration.
>>> * #
>>> @@ -69,7 +69,7 @@
>>> * #
>>> * #securityManager = {@link
>>> org.jsecurity.web.DefaultWebSecurityManager
>> org.jsecurity.web.DefaultWebSecurityManager}
>>> * #securityManager.
>>> {@linkorg
>>> .jsecurity.web.DefaultWebSecurityManager#setSessionMode(String)
>> sessionMode} = http
>>> - *
>>> + * <p/>
>>> * [filters]
>>> * # This section defines the 'pool' of all Filters available to
>>> the url
>> path definitions in the [urls] section below.
>>> * #
>>> @@ -112,7 +112,7 @@
>>> * #
>>> * # Define your own filters here. To properly handle url path
>>> matching
>> (see the [urls] section below), your
>>> * # filter should extend the {@link
>> org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter}
>> abstract
>> class.
>>> - *
>>> + * <p/>
>>> * [urls]
>>> * # This section defines url path mappings. Each mapping entry
>>> must be
>> on a single line and conform to the
>>> * # following representation:
>>> @@ -158,14 +158,14 @@
>>> * # the text between the brackets as two permissions:
>> 'remote:invoke:lan' and 'wan' instead of the
>>> * # single desired 'remote:invoke:lan,wan' token. So, you can use
>> quotes wherever you need to escape internal
>>> * # commas.)
>>> - *
>>> + * <p/>
>>> * /account/** = <a href="#authcBasic">authcBasic</a>
>>> * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a
>> href="#roles">roles</a>[b2bClient], <a
>> href="#perms">perms</a>[remote:invoke:"lan,wan"]
>>> - *
>>> + * <p/>
>>> * </param-value></init-param>
>>> * </filter>
>>> - *
>>> - *
>>> + * <p/>
>>> + * <p/>
>>> * <filter-mapping>
>>> * <filter-name>JSecurityFilter</filter-name>
>>> * <url-pattern>/*</url-pattern>
>>> @@ -185,7 +185,7 @@
>>> public static final String CONFIG_INIT_PARAM_NAME = "config";
>>> public static final String CONFIG_URL_INIT_PARAM_NAME =
>>> "configUrl";
>>>
>>> - private static final Log log =
>> LogFactory.getLog(JSecurityFilter.class);
>>> + private static final Log log =
>> LogFactory.getLog(JSecurityFilter.class);
>>>
>>> protected String config;
>>> protected String configUrl;
>>> @@ -238,7 +238,7 @@
>>> if (sm == null) {
>>> if (log.isInfoEnabled()) {
>>> log.info("Configuration instance [" + config + "] did
>> not provide a SecurityManager. No config " +
>>> - "specified? Defaulting to a " +
>> DefaultWebSecurityManager.class.getName() + " instance...");
>>> + "specified? Defaulting to a " +
>> DefaultWebSecurityManager.class.getName() + " instance...");
>>> }
>>> sm = new DefaultWebSecurityManager();
>>> }
>>> @@ -255,8 +255,8 @@
>>> this.configClassName = configCN;
>>> } else {
>>> String msg = "configClassName fully qualified class
>>> name
>> value [" + configCN + "] is not " +
>>> - "available in the classpath. Please
>>> ensure you
>> have typed it correctly and the " +
>>> - "corresponding class or jar is in the
>> classpath.";
>>> + "available in the classpath. Please ensure
>>> you have
>> typed it correctly and the " +
>>> + "corresponding class or jar is in the
>>> classpath.";
>>> throw new ConfigurationException(msg);
>>> }
>>> }
>>> @@ -277,7 +277,7 @@
>>> protected void applyFilterConfig(WebConfiguration conf) {
>>> if (log.isDebugEnabled()) {
>>> String msg = "Attempting to inject the FilterConfig
>>> (using
>> 'setFilterConfig' method) into the " +
>>> - "instantiated WebConfiguration for any wrapped
>> Filter initialization...";
>>> + "instantiated WebConfiguration for any wrapped
>>> Filter
>> initialization...";
>>> log.debug(msg);
>>> }
>>> try {
>>> @@ -301,9 +301,9 @@
>>> PropertyUtils.setProperty(conf, "config",
>> this.config);
>>> } else {
>>> String msg = "The 'config' filter param was
>> specified, but there is no " +
>>> - "'setConfig(String)' method on the
>> Configuration instance [" + conf + "]. If you do " +
>>> - "not require the 'config' filter param,
>> please comment it out, or if you do need it, " +
>>> - "please ensure your Configuration
>>> instance
>> has a 'setConfig(String)' method to receive it.";
>>> + "'setConfig(String)' method on the
>>> Configuration
>> instance [" + conf + "]. If you do " +
>>> + "not require the 'config' filter param,
>>> please
>> comment it out, or if you do need it, " +
>>> + "please ensure your Configuration
>>> instance has a
>> 'setConfig(String)' method to receive it.";
>>> throw new ConfigurationException(msg);
>>> }
>>> } catch (Exception e) {
>>> @@ -322,9 +322,9 @@
>>> PropertyUtils.setProperty(conf, "configUrl",
>> this.configUrl);
>>> } else {
>>> String msg = "The 'configUrl' filter param was
>> specified, but there is no " +
>>> - "'setConfigUrl(String)' method on the
>> Configuration instance [" + conf + "]. If you do " +
>>> - "not require the 'configUrl' filter
>>> param,
>> please comment it out, or if you do need it, " +
>>> - "please ensure your Configuration
>>> instance
>> has a 'setConfigUrl(String)' method to receive it.";
>>> + "'setConfigUrl(String)' method on the
>> Configuration instance [" + conf + "]. If you do " +
>>> + "not require the 'configUrl' filter param,
>> please comment it out, or if you do need it, " +
>>> + "please ensure your Configuration
>>> instance has a
>> 'setConfigUrl(String)' method to receive it.";
>>> throw new ConfigurationException(msg);
>>> }
>>> } catch (Exception e) {
>>> @@ -347,26 +347,69 @@
>>> return WebUtils.getInetAddress(request);
>>> }
>>>
>>> - protected void doFilterInternal(ServletRequest servletRequest,
>> ServletResponse servletResponse,
>>> - FilterChain origChain) throws
>> ServletException, IOException {
>>> + /**
>>> + * Wraps the original HttpServletRequest in a {@link
>> JSecurityHttpServletRequest}
>>> + * @since 1.0
>>> + */
>>> + protected ServletRequest
>>> wrapServletRequest(HttpServletRequest orig)
>> {
>>> + return new JSecurityHttpServletRequest(orig,
>> getServletContext(), isHttpSessions());
>>> + }
>>>
>>> - HttpServletRequest request = (HttpServletRequest)
>> servletRequest;
>>> - HttpServletResponse response = (HttpServletResponse)
>> servletResponse;
>>> + /** @since 1.0 */
>>> + protected ServletRequest prepareServletRequest(ServletRequest
>> request, ServletResponse response,
>>> + FilterChain
>>> chain) {
>>> + ServletRequest toUse = request;
>>> + if (request instanceof HttpServletRequest) {
>>> + HttpServletRequest http = (HttpServletRequest) request;
>>> + toUse = wrapServletRequest(http);
>>> + }
>>> + return toUse;
>>> + }
>>>
>>> - ThreadContext.bind(getInetAddress(request));
>>> + /** @since 1.0 */
>>> + protected ServletResponse
>>> wrapServletResponse(HttpServletResponse
>> orig, JSecurityHttpServletRequest request) {
>>> + return new JSecurityHttpServletResponse(orig,
>> getServletContext(), request);
>>> + }
>>>
>>> - boolean httpSessions = isHttpSessions();
>>> - request = new JSecurityHttpServletRequest(request,
>> getServletContext(), httpSessions);
>>> - if (!httpSessions) {
>>> + /** @since 1.0 */
>>> + protected ServletResponse prepareServletResponse(ServletRequest
>> request, ServletResponse response,
>>> + FilterChain
>>> chain)
>> {
>>> + ServletResponse toUse = response;
>>> + if (isHttpSessions() && (request instanceof
>> JSecurityHttpServletRequest) &&
>>> + (response instanceof HttpServletResponse)) {
>>> //the JSecurityHttpServletResponse exists to support URL
>> rewriting for session ids. This is only needed if
>>> //using JSecurity sessions (i.e. not simple HttpSession
>>> based
>> sessions):
>>> - response = new JSecurityHttpServletResponse(response,
>> getServletContext(), (JSecurityHttpServletRequest) request);
>>> + toUse = wrapServletResponse((HttpServletResponse)
>>> response,
>> (JSecurityHttpServletRequest) request);
>>> }
>>> + return toUse;
>>> + }
>>>
>>> + /** @since 1.0 */
>>> + protected void bind(ServletRequest request, ServletResponse
>> response) {
>>> + WebUtils.bindInetAddressToThread(request);
>>> WebUtils.bind(request);
>>> WebUtils.bind(response);
>>> ThreadContext.bind(getSecurityManager());
>>> ThreadContext.bind(getSecurityManager().getSubject());
>>> + }
>>> +
>>> + /** @since 1.0 */
>>> + protected void unbind(ServletRequest request, ServletResponse
>> response) {
>>> + //arguments ignored, just clear the thread:
>>> + ThreadContext.unbindSubject();
>>> + ThreadContext.unbindSecurityManager();
>>> + WebUtils.unbindServletResponse();
>>> + WebUtils.unbindServletRequest();
>>> + ThreadContext.unbindInetAddress();
>>> + }
>>> +
>>> + protected void doFilterInternal(ServletRequest servletRequest,
>> ServletResponse servletResponse,
>>> + FilterChain origChain) throws
>> ServletException, IOException {
>>> +
>>> + ServletRequest request =
>>> prepareServletRequest(servletRequest,
>> servletResponse, origChain);
>>> + ServletResponse response = prepareServletResponse(request,
>> servletResponse, origChain);
>>> +
>>> + bind(request, response);
>>>
>>> FilterChain chain = getConfiguration().getChain(request,
>> response, origChain);
>>> if (chain == null) {
>>> @@ -383,11 +426,7 @@
>>> try {
>>> chain.doFilter(request, response);
>>> } finally {
>>> - ThreadContext.unbindSubject();
>>> - ThreadContext.unbindSecurityManager();
>>> - WebUtils.unbindServletResponse();
>>> - WebUtils.unbindServletRequest();
>>> - ThreadContext.unbindInetAddress();
>>> + unbind(request, response);
>>> }
>>> }
>>>
>>>
>>> Modified:
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>> DefaultWebSessionManager.java
>>> URL:
>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>>> ---
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>> DefaultWebSessionManager.java
>> (original)
>>> +++
>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>> DefaultWebSessionManager.java
>> Tue Feb 17 15:24:02 2009
>>> @@ -229,7 +229,8 @@
>>> return sessionId;
>>> }
>>>
>>> - public Session retrieveSession(Serializable sessionId) throws
>> InvalidSessionException, AuthorizationException {
>>> + @Override
>>> + protected Session retrieveSession(Serializable sessionId)
>>> throws
>> InvalidSessionException, AuthorizationException {
>>> if (sessionId != null) {
>>> return super.retrieveSession(sessionId);
>>> } else {
>>>
>>>
>>>
>>
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
Re: svn commit: r745117 - in /incubator/jsecurity/trunk: ./
samples/quickstart/ samples/standalone/ web/src/org/jsecurity/web/
web/src/org/jsecurity/web/servlet/ web/src/org/jsecurity/web/session/
Posted by Les Hazlewood <lh...@apache.org>.
Yep, I've been using it in 8 - its really great! Much better than before :)
On Wed, Feb 18, 2009 at 1:03 AM, David O'Flynn <do...@atlassian.com>wrote:
> We've found some issues with that for larger products.
>
> IDEA's mvn integration has gotten a lot better in v8. You can open the
> pom.xml directly from IDEA, and IDEA is also happy to use mvn for building
> the project too.
>
>
>
>
> On 18/02/2009, at 4:20 PM, Alan D. Cabrera wrote:
>
> Easy enough to fix:
>>
>> mvn idea:idea
>>
>>
>> :D
>>
>>
>> Regards,
>> Alan
>>
>> On Feb 17, 2009, at 7:43 AM, Les Hazlewood wrote:
>>
>> This was a result of me hosing something with my own installation that I
>>> didn't understand. The easiest thing to do was to remove and replace
>>> once I
>>> got it up and running - I didn't want to waste time investigating how I
>>> broke it. This is the first time I've seen this issue in 4 years, and
>>> odds
>>> are very high it is because of user error :)
>>>
>>> On Tue, Feb 17, 2009 at 10:29 AM, Emmanuel Lecharny <
>>> elecharny@apache.org>wrote:
>>>
>>> I don't get it ...
>>>>
>>>> Either the project files are a (temporarily) hassle, and then you just
>>>> need to remove them completely, and you don't have to inject them back
>>>> (remind me a previous convo ;), or you keep them in svn, add some
>>>> svn:ignore flags locally and remove them from your disk, and when they
>>>> are fixed, you remove the svn:ignore property. That should do the
>>>> trick, IMO?
>>>>
>>>> On Tue, Feb 17, 2009 at 4:24 PM, <lh...@apache.org> wrote:
>>>>
>>>>> Author: lhazlewood
>>>>> Date: Tue Feb 17 15:24:02 2009
>>>>> New Revision: 745117
>>>>>
>>>>> URL: http://svn.apache.org/viewvc?rev=745117&view=rev
>>>>> Log:
>>>>> removing project files for now (seeing errors in my IDE) - will re-add
>>>>>
>>>> them after cleanup. Also added some utility methods to reduce method
>>>> complexity
>>>>
>>>>>
>>>>> Removed:
>>>>> incubator/jsecurity/trunk/jsecurity.iml
>>>>> incubator/jsecurity/trunk/jsecurity.ipr
>>>>> incubator/jsecurity/trunk/samples/quickstart/quickstart.iml
>>>>> incubator/jsecurity/trunk/samples/standalone/standalone.iml
>>>>> Modified:
>>>>>
>>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
>>>>
>>>>>
>>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
>>>>
>>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>>>
>>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
>>>>
>>>>>
>>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
>>>>
>>>>>
>>>>> Modified:
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
>>>>
>>>>> URL:
>>>>>
>>>>
>>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>>>>
>>>>> ==============================================================================
>>>>
>>>>> ---
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
>>>> (original)
>>>>
>>>>> +++
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java
>>>> Tue Feb 17 15:24:02 2009
>>>>
>>>>> @@ -75,7 +75,7 @@
>>>>> this();
>>>>> setRealms(realms);
>>>>> }
>>>>> -
>>>>> +
>>>>> /**
>>>>> * Sets the path used to store the remember me cookie. This
>>>>>
>>>> determines which paths
>>>>
>>>>> * are able to view the remember me cookie.
>>>>> @@ -149,7 +149,6 @@
>>>>> LifecycleUtils.destroy(getSessionManager());
>>>>> WebSessionManager sessionManager =
>>>>>
>>>> createSessionManager(mode);
>>>>
>>>>> setSessionManager(sessionManager);
>>>>> - setSubjectFactory(new WebSubjectFactory(this,
>>>>>
>>>> sessionManager));
>>>>
>>>>> }
>>>>> }
>>>>>
>>>>>
>>>>> Modified:
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
>>>>
>>>>> URL:
>>>>>
>>>>
>>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>>>>
>>>>> ==============================================================================
>>>>
>>>>> ---
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
>>>> (original)
>>>>
>>>>> +++
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java
>>>> Tue Feb 17 15:24:02 2009
>>>>
>>>>> @@ -85,9 +85,14 @@
>>>>> }
>>>>>
>>>>> protected Session getWebSession() {
>>>>> - ServletRequest request = WebUtils.getRequiredServletRequest();
>>>>> - ServletResponse response =
>>>>>
>>>> WebUtils.getRequiredServletResponse();
>>>>
>>>>> - return getWebSessionManager().getSession(request, response);
>>>>> + ServletRequest request = WebUtils.getServletRequest();
>>>>> + ServletResponse response = WebUtils.getServletResponse();
>>>>> + if ( request == null || response == null ) {
>>>>> + //no current web request - probably a remote method
>>>>>
>>>> invocation that didn't come in via a servlet request:
>>>>
>>>>> + return null;
>>>>> + } else {
>>>>> + return getWebSessionManager().getSession(request,
>>>>> response);
>>>>> + }
>>>>> }
>>>>>
>>>>> @Override
>>>>> @@ -110,7 +115,10 @@
>>>>>
>>>>> InetAddress inet = inetAddress;
>>>>> if (inet == null) {
>>>>> - inet =
>>>>>
>>>> WebUtils.getInetAddress(WebUtils.getRequiredServletRequest());
>>>>
>>>>> + ServletRequest request = WebUtils.getServletRequest();
>>>>> + if ( request != null ) {
>>>>> + inet = WebUtils.getInetAddress(request);
>>>>> + }
>>>>> }
>>>>>
>>>>> return super.createSubject(pc, session, authc, inet);
>>>>>
>>>>> Modified:
>>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>>
>>>>> URL:
>>>>>
>>>>
>>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>>>>
>>>>> ==============================================================================
>>>>
>>>>> --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>>>
>>>> (original)
>>>>
>>>>> +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>>> Tue
>>>>>
>>>> Feb 17 15:24:02 2009
>>>>
>>>>> @@ -305,6 +305,29 @@
>>>>> }
>>>>>
>>>>> /**
>>>>> + * Returns the current thread-bound {@code ServletRequest} or
>>>>> {@code
>>>>>
>>>> null} if there is not one bound.
>>>>
>>>>> + * <p/>
>>>>> + * It is the case in certain enterprise environments where a
>>>>>
>>>> web-enabled SecurityManager (and its internal mechanisms)
>>>>
>>>>> + * is the primary SecurityManager but also serves as a 'central'
>>>>>
>>>> coordinator for security operations in a cluster.
>>>>
>>>>> + * In these environments, it is possible for a web-enabled
>>>>>
>>>> SecurityManager to receive remote method invocations that
>>>>
>>>>> + * are not HTTP based.
>>>>> + * <p/>
>>>>> + * In these environments, we need to acquire a thread-bound
>>>>>
>>>> ServletRequest if it exists, but
>>>>
>>>>> + * not throw an exception if one is not found (with the assumption
>>>>>
>>>> that the incoming call is not a web request but
>>>>
>>>>> + * instead a remote method invocation). This method exists to
>>>>>
>>>> support these environments, whereas the
>>>>
>>>>> + * {@link #getRequiredServletRequest()
>>>>> getRequiredServletRequest()}
>>>>>
>>>> method always assumes a
>>>>
>>>>> + * servlet-only environment.
>>>>> + * <p/>
>>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists
>>>>> for
>>>>>
>>>> JSecurity implementation requirements only.
>>>>
>>>>> + *
>>>>> + * @return the current thread-bound {@code ServletRequest} or
>>>>> {@code
>>>>>
>>>> null} if there is not one bound.
>>>>
>>>>> + * @since 1.0
>>>>> + */
>>>>> + public static ServletRequest getServletRequest() {
>>>>> + return (ServletRequest)
>>>>> ThreadContext.get(SERVLET_REQUEST_KEY);
>>>>> + }
>>>>> +
>>>>> + /**
>>>>> * Convenience method that simplifies retrieval of a required
>>>>>
>>>> thread-bound ServletRequest. If there is no
>>>>
>>>>> * ServletRequest bound to the thread when this method is called, an
>>>>>
>>>> <code>IllegalStateException</code> is
>>>>
>>>>> * thrown.
>>>>> @@ -368,6 +391,29 @@
>>>>> }
>>>>>
>>>>> /**
>>>>> + * Returns the current thread-bound {@code ServletResponse} or
>>>>>
>>>> {@code null} if there is not one bound.
>>>>
>>>>> + * <p/>
>>>>> + * It is the case in certain enterprise environments where a
>>>>>
>>>> web-enabled SecurityManager (and its internal mechanisms)
>>>>
>>>>> + * is the primary SecurityManager but also serves as a 'central'
>>>>>
>>>> coordinator for security operations in a cluster.
>>>>
>>>>> + * In these environments, it is possible for a web-enabled
>>>>>
>>>> SecurityManager to receive remote method invocations that
>>>>
>>>>> + * are not HTTP based.
>>>>> + * <p/>
>>>>> + * In these environments, we need to acquire a thread-bound
>>>>>
>>>> ServletResponse if it exists, but
>>>>
>>>>> + * not throw an exception if one is not found (with the assumption
>>>>>
>>>> that the incoming call is not a web request but
>>>>
>>>>> + * instead a remote method invocation). This method exists to
>>>>>
>>>> support these environments, whereas the
>>>>
>>>>> + * {@link #getRequiredServletResponse()
>>>>>
>>>> getRequiredServletResponse()} method always assumes a
>>>>
>>>>> + * servlet-only environment.
>>>>> + * <p/>
>>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It exists
>>>>> for
>>>>>
>>>> JSecurity implementation requirements only.
>>>>
>>>>> + *
>>>>> + * @return the current thread-bound {@code ServletResponse} or
>>>>>
>>>> {@code null} if there is not one bound.
>>>>
>>>>> + * @since 1.0
>>>>> + */
>>>>> + public static ServletResponse getServletResponse() {
>>>>> + return (ServletResponse)
>>>>>
>>>> ThreadContext.get(SERVLET_RESPONSE_KEY);
>>>>
>>>>> + }
>>>>> +
>>>>> + /**
>>>>> * Convenience method that simplifies retrieval of a required
>>>>>
>>>> thread-bound ServletResponse. If there is no
>>>>
>>>>> * ServletResponse bound to the thread when this method is called, an
>>>>>
>>>> <code>IllegalStateException</code> is
>>>>
>>>>> * thrown.
>>>>>
>>>>> Modified:
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
>>>>
>>>>> URL:
>>>>>
>>>>
>>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>>>>
>>>>> ==============================================================================
>>>>
>>>>> ---
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
>>>> (original)
>>>>
>>>>> +++
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java
>>>> Tue Feb 17 15:24:02 2009
>>>>
>>>>> @@ -42,21 +42,21 @@
>>>>>
>>>>> /**
>>>>> * Main ServletFilter that configures and enables all JSecurity
>>>>> functions
>>>>>
>>>> within a web application.
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * The following is a fully commented example that documents how to
>>>>>
>>>> configure it:
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * <pre><filter>
>>>>> * <filter-name>JSecurityFilter</filter-name>
>>>>> *
>>>>>
>>>>
>>>> <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
>>>>
>>>>> *
>>>>>
>>>>
>>>> <init-param><param-name>config</param-name><param-value>
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * #NOTE: This config looks pretty long - but its not - its only 5
>>>>> lines
>>>>>
>>>> of actual config.
>>>>
>>>>> * # Everything else is just heavily commented to explain things
>>>>>
>>>> in-depth. Feel free to delete any
>>>>
>>>>> * # comments that you don't want to read from your own
>>>>>
>>>> configuration ;)
>>>>
>>>>> * #
>>>>> * # Any commented values below are JSecurity's defaults. If you want
>>>>> to
>>>>>
>>>> change any values, you only
>>>>
>>>>> * # need to uncomment the lines you want to change.
>>>>> - *
>>>>> + * <p/>
>>>>> * [main]
>>>>> * # The 'main' section defines JSecurity-wide configuration.
>>>>> * #
>>>>> @@ -69,7 +69,7 @@
>>>>> * #
>>>>> * #securityManager = {@link org.jsecurity.web.DefaultWebSecurityManager
>>>>>
>>>> org.jsecurity.web.DefaultWebSecurityManager}
>>>>
>>>>> * #securityManager.{@linkorg.jsecurity.web.DefaultWebSecurityManager
>>>>> #setSessionMode(String)
>>>>>
>>>> sessionMode} = http
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * [filters]
>>>>> * # This section defines the 'pool' of all Filters available to the url
>>>>>
>>>> path definitions in the [urls] section below.
>>>>
>>>>> * #
>>>>> @@ -112,7 +112,7 @@
>>>>> * #
>>>>> * # Define your own filters here. To properly handle url path matching
>>>>>
>>>> (see the [urls] section below), your
>>>>
>>>>> * # filter should extend the {@link
>>>>>
>>>> org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter} abstract
>>>> class.
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * [urls]
>>>>> * # This section defines url path mappings. Each mapping entry must be
>>>>>
>>>> on a single line and conform to the
>>>>
>>>>> * # following representation:
>>>>> @@ -158,14 +158,14 @@
>>>>> * # the text between the brackets as two permissions:
>>>>>
>>>> 'remote:invoke:lan' and 'wan' instead of the
>>>>
>>>>> * # single desired 'remote:invoke:lan,wan' token. So, you can use
>>>>>
>>>> quotes wherever you need to escape internal
>>>>
>>>>> * # commas.)
>>>>> - *
>>>>> + * <p/>
>>>>> * /account/** = <a href="#authcBasic">authcBasic</a>
>>>>> * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a
>>>>>
>>>> href="#roles">roles</a>[b2bClient], <a
>>>> href="#perms">perms</a>[remote:invoke:"lan,wan"]
>>>>
>>>>> - *
>>>>> + * <p/>
>>>>> * </param-value></init-param>
>>>>> * </filter>
>>>>> - *
>>>>> - *
>>>>> + * <p/>
>>>>> + * <p/>
>>>>> * <filter-mapping>
>>>>> * <filter-name>JSecurityFilter</filter-name>
>>>>> * <url-pattern>/*</url-pattern>
>>>>> @@ -185,7 +185,7 @@
>>>>> public static final String CONFIG_INIT_PARAM_NAME = "config";
>>>>> public static final String CONFIG_URL_INIT_PARAM_NAME = "configUrl";
>>>>>
>>>>> - private static final Log log =
>>>>>
>>>> LogFactory.getLog(JSecurityFilter.class);
>>>>
>>>>> + private static final Log log =
>>>>>
>>>> LogFactory.getLog(JSecurityFilter.class);
>>>>
>>>>>
>>>>> protected String config;
>>>>> protected String configUrl;
>>>>> @@ -238,7 +238,7 @@
>>>>> if (sm == null) {
>>>>> if (log.isInfoEnabled()) {
>>>>> log.info("Configuration instance [" + config + "] did
>>>>>
>>>> not provide a SecurityManager. No config " +
>>>>
>>>>> - "specified? Defaulting to a " +
>>>>>
>>>> DefaultWebSecurityManager.class.getName() + " instance...");
>>>>
>>>>> + "specified? Defaulting to a " +
>>>>>
>>>> DefaultWebSecurityManager.class.getName() + " instance...");
>>>>
>>>>> }
>>>>> sm = new DefaultWebSecurityManager();
>>>>> }
>>>>> @@ -255,8 +255,8 @@
>>>>> this.configClassName = configCN;
>>>>> } else {
>>>>> String msg = "configClassName fully qualified class name
>>>>>
>>>> value [" + configCN + "] is not " +
>>>>
>>>>> - "available in the classpath. Please ensure
>>>>> you
>>>>>
>>>> have typed it correctly and the " +
>>>>
>>>>> - "corresponding class or jar is in the
>>>>>
>>>> classpath.";
>>>>
>>>>> + "available in the classpath. Please ensure you
>>>>> have
>>>>>
>>>> typed it correctly and the " +
>>>>
>>>>> + "corresponding class or jar is in the classpath.";
>>>>> throw new ConfigurationException(msg);
>>>>> }
>>>>> }
>>>>> @@ -277,7 +277,7 @@
>>>>> protected void applyFilterConfig(WebConfiguration conf) {
>>>>> if (log.isDebugEnabled()) {
>>>>> String msg = "Attempting to inject the FilterConfig (using
>>>>>
>>>> 'setFilterConfig' method) into the " +
>>>>
>>>>> - "instantiated WebConfiguration for any wrapped
>>>>>
>>>> Filter initialization...";
>>>>
>>>>> + "instantiated WebConfiguration for any wrapped Filter
>>>>>
>>>> initialization...";
>>>>
>>>>> log.debug(msg);
>>>>> }
>>>>> try {
>>>>> @@ -301,9 +301,9 @@
>>>>> PropertyUtils.setProperty(conf, "config",
>>>>>
>>>> this.config);
>>>>
>>>>> } else {
>>>>> String msg = "The 'config' filter param was
>>>>>
>>>> specified, but there is no " +
>>>>
>>>>> - "'setConfig(String)' method on the
>>>>>
>>>> Configuration instance [" + conf + "]. If you do " +
>>>>
>>>>> - "not require the 'config' filter param,
>>>>>
>>>> please comment it out, or if you do need it, " +
>>>>
>>>>> - "please ensure your Configuration instance
>>>>>
>>>> has a 'setConfig(String)' method to receive it.";
>>>>
>>>>> + "'setConfig(String)' method on the
>>>>> Configuration
>>>>>
>>>> instance [" + conf + "]. If you do " +
>>>>
>>>>> + "not require the 'config' filter param, please
>>>>>
>>>> comment it out, or if you do need it, " +
>>>>
>>>>> + "please ensure your Configuration instance has
>>>>> a
>>>>>
>>>> 'setConfig(String)' method to receive it.";
>>>>
>>>>> throw new ConfigurationException(msg);
>>>>> }
>>>>> } catch (Exception e) {
>>>>> @@ -322,9 +322,9 @@
>>>>> PropertyUtils.setProperty(conf, "configUrl",
>>>>>
>>>> this.configUrl);
>>>>
>>>>> } else {
>>>>> String msg = "The 'configUrl' filter param was
>>>>>
>>>> specified, but there is no " +
>>>>
>>>>> - "'setConfigUrl(String)' method on the
>>>>>
>>>> Configuration instance [" + conf + "]. If you do " +
>>>>
>>>>> - "not require the 'configUrl' filter param,
>>>>>
>>>> please comment it out, or if you do need it, " +
>>>>
>>>>> - "please ensure your Configuration instance
>>>>>
>>>> has a 'setConfigUrl(String)' method to receive it.";
>>>>
>>>>> + "'setConfigUrl(String)' method on the
>>>>>
>>>> Configuration instance [" + conf + "]. If you do " +
>>>>
>>>>> + "not require the 'configUrl' filter param,
>>>>>
>>>> please comment it out, or if you do need it, " +
>>>>
>>>>> + "please ensure your Configuration instance has
>>>>> a
>>>>>
>>>> 'setConfigUrl(String)' method to receive it.";
>>>>
>>>>> throw new ConfigurationException(msg);
>>>>> }
>>>>> } catch (Exception e) {
>>>>> @@ -347,26 +347,69 @@
>>>>> return WebUtils.getInetAddress(request);
>>>>> }
>>>>>
>>>>> - protected void doFilterInternal(ServletRequest servletRequest,
>>>>>
>>>> ServletResponse servletResponse,
>>>>
>>>>> - FilterChain origChain) throws
>>>>>
>>>> ServletException, IOException {
>>>>
>>>>> + /**
>>>>> + * Wraps the original HttpServletRequest in a {@link
>>>>>
>>>> JSecurityHttpServletRequest}
>>>>
>>>>> + * @since 1.0
>>>>> + */
>>>>> + protected ServletRequest wrapServletRequest(HttpServletRequest
>>>>> orig)
>>>>>
>>>> {
>>>>
>>>>> + return new JSecurityHttpServletRequest(orig,
>>>>>
>>>> getServletContext(), isHttpSessions());
>>>>
>>>>> + }
>>>>>
>>>>> - HttpServletRequest request = (HttpServletRequest)
>>>>>
>>>> servletRequest;
>>>>
>>>>> - HttpServletResponse response = (HttpServletResponse)
>>>>>
>>>> servletResponse;
>>>>
>>>>> + /** @since 1.0 */
>>>>> + protected ServletRequest prepareServletRequest(ServletRequest
>>>>>
>>>> request, ServletResponse response,
>>>>
>>>>> + FilterChain chain)
>>>>> {
>>>>> + ServletRequest toUse = request;
>>>>> + if (request instanceof HttpServletRequest) {
>>>>> + HttpServletRequest http = (HttpServletRequest) request;
>>>>> + toUse = wrapServletRequest(http);
>>>>> + }
>>>>> + return toUse;
>>>>> + }
>>>>>
>>>>> - ThreadContext.bind(getInetAddress(request));
>>>>> + /** @since 1.0 */
>>>>> + protected ServletResponse wrapServletResponse(HttpServletResponse
>>>>>
>>>> orig, JSecurityHttpServletRequest request) {
>>>>
>>>>> + return new JSecurityHttpServletResponse(orig,
>>>>>
>>>> getServletContext(), request);
>>>>
>>>>> + }
>>>>>
>>>>> - boolean httpSessions = isHttpSessions();
>>>>> - request = new JSecurityHttpServletRequest(request,
>>>>>
>>>> getServletContext(), httpSessions);
>>>>
>>>>> - if (!httpSessions) {
>>>>> + /** @since 1.0 */
>>>>> + protected ServletResponse prepareServletResponse(ServletRequest
>>>>>
>>>> request, ServletResponse response,
>>>>
>>>>> + FilterChain
>>>>> chain)
>>>>>
>>>> {
>>>>
>>>>> + ServletResponse toUse = response;
>>>>> + if (isHttpSessions() && (request instanceof
>>>>>
>>>> JSecurityHttpServletRequest) &&
>>>>
>>>>> + (response instanceof HttpServletResponse)) {
>>>>> //the JSecurityHttpServletResponse exists to support URL
>>>>>
>>>> rewriting for session ids. This is only needed if
>>>>
>>>>> //using JSecurity sessions (i.e. not simple HttpSession based
>>>>>
>>>> sessions):
>>>>
>>>>> - response = new JSecurityHttpServletResponse(response,
>>>>>
>>>> getServletContext(), (JSecurityHttpServletRequest) request);
>>>>
>>>>> + toUse = wrapServletResponse((HttpServletResponse)
>>>>> response,
>>>>>
>>>> (JSecurityHttpServletRequest) request);
>>>>
>>>>> }
>>>>> + return toUse;
>>>>> + }
>>>>>
>>>>> + /** @since 1.0 */
>>>>> + protected void bind(ServletRequest request, ServletResponse
>>>>>
>>>> response) {
>>>>
>>>>> + WebUtils.bindInetAddressToThread(request);
>>>>> WebUtils.bind(request);
>>>>> WebUtils.bind(response);
>>>>> ThreadContext.bind(getSecurityManager());
>>>>> ThreadContext.bind(getSecurityManager().getSubject());
>>>>> + }
>>>>> +
>>>>> + /** @since 1.0 */
>>>>> + protected void unbind(ServletRequest request, ServletResponse
>>>>>
>>>> response) {
>>>>
>>>>> + //arguments ignored, just clear the thread:
>>>>> + ThreadContext.unbindSubject();
>>>>> + ThreadContext.unbindSecurityManager();
>>>>> + WebUtils.unbindServletResponse();
>>>>> + WebUtils.unbindServletRequest();
>>>>> + ThreadContext.unbindInetAddress();
>>>>> + }
>>>>> +
>>>>> + protected void doFilterInternal(ServletRequest servletRequest,
>>>>>
>>>> ServletResponse servletResponse,
>>>>
>>>>> + FilterChain origChain) throws
>>>>>
>>>> ServletException, IOException {
>>>>
>>>>> +
>>>>> + ServletRequest request = prepareServletRequest(servletRequest,
>>>>>
>>>> servletResponse, origChain);
>>>>
>>>>> + ServletResponse response = prepareServletResponse(request,
>>>>>
>>>> servletResponse, origChain);
>>>>
>>>>> +
>>>>> + bind(request, response);
>>>>>
>>>>> FilterChain chain = getConfiguration().getChain(request,
>>>>>
>>>> response, origChain);
>>>>
>>>>> if (chain == null) {
>>>>> @@ -383,11 +426,7 @@
>>>>> try {
>>>>> chain.doFilter(request, response);
>>>>> } finally {
>>>>> - ThreadContext.unbindSubject();
>>>>> - ThreadContext.unbindSecurityManager();
>>>>> - WebUtils.unbindServletResponse();
>>>>> - WebUtils.unbindServletRequest();
>>>>> - ThreadContext.unbindInetAddress();
>>>>> + unbind(request, response);
>>>>> }
>>>>> }
>>>>>
>>>>>
>>>>> Modified:
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
>>>>
>>>>> URL:
>>>>>
>>>>
>>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>>>>
>>>>> ==============================================================================
>>>>
>>>>> ---
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
>>>> (original)
>>>>
>>>>> +++
>>>>>
>>>>
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java
>>>> Tue Feb 17 15:24:02 2009
>>>>
>>>>> @@ -229,7 +229,8 @@
>>>>> return sessionId;
>>>>> }
>>>>>
>>>>> - public Session retrieveSession(Serializable sessionId) throws
>>>>>
>>>> InvalidSessionException, AuthorizationException {
>>>>
>>>>> + @Override
>>>>> + protected Session retrieveSession(Serializable sessionId) throws
>>>>>
>>>> InvalidSessionException, AuthorizationException {
>>>>
>>>>> if (sessionId != null) {
>>>>> return super.retrieveSession(sessionId);
>>>>> } else {
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Cordialement,
>>>> Emmanuel Lécharny
>>>> www.iktek.com
>>>>
>>>>
>>
>
Re: svn commit: r745117 - in /incubator/jsecurity/trunk: ./ samples/quickstart/ samples/standalone/ web/src/org/jsecurity/web/ web/src/org/jsecurity/web/servlet/ web/src/org/jsecurity/web/session/
Posted by David O'Flynn <do...@atlassian.com>.
We've found some issues with that for larger products.
IDEA's mvn integration has gotten a lot better in v8. You can open the
pom.xml directly from IDEA, and IDEA is also happy to use mvn for
building the project too.
On 18/02/2009, at 4:20 PM, Alan D. Cabrera wrote:
> Easy enough to fix:
>
> mvn idea:idea
>
>
> :D
>
>
> Regards,
> Alan
>
> On Feb 17, 2009, at 7:43 AM, Les Hazlewood wrote:
>
>> This was a result of me hosing something with my own installation
>> that I
>> didn't understand. The easiest thing to do was to remove and
>> replace once I
>> got it up and running - I didn't want to waste time investigating
>> how I
>> broke it. This is the first time I've seen this issue in 4 years,
>> and odds
>> are very high it is because of user error :)
>>
>> On Tue, Feb 17, 2009 at 10:29 AM, Emmanuel Lecharny <elecharny@apache.org
>> >wrote:
>>
>>> I don't get it ...
>>>
>>> Either the project files are a (temporarily) hassle, and then you
>>> just
>>> need to remove them completely, and you don't have to inject them
>>> back
>>> (remind me a previous convo ;), or you keep them in svn, add some
>>> svn:ignore flags locally and remove them from your disk, and when
>>> they
>>> are fixed, you remove the svn:ignore property. That should do the
>>> trick, IMO?
>>>
>>> On Tue, Feb 17, 2009 at 4:24 PM, <lh...@apache.org> wrote:
>>>> Author: lhazlewood
>>>> Date: Tue Feb 17 15:24:02 2009
>>>> New Revision: 745117
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=745117&view=rev
>>>> Log:
>>>> removing project files for now (seeing errors in my IDE) - will
>>>> re-add
>>> them after cleanup. Also added some utility methods to reduce
>>> method
>>> complexity
>>>>
>>>> Removed:
>>>> incubator/jsecurity/trunk/jsecurity.iml
>>>> incubator/jsecurity/trunk/jsecurity.ipr
>>>> incubator/jsecurity/trunk/samples/quickstart/quickstart.iml
>>>> incubator/jsecurity/trunk/samples/standalone/standalone.iml
>>>> Modified:
>>>>
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> DefaultWebSecurityManager.java
>>>>
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebSubjectFactory.java
>>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>>
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>>> JSecurityFilter.java
>>>>
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>>> DefaultWebSessionManager.java
>>>>
>>>> Modified:
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> DefaultWebSecurityManager.java
>>>> URL:
>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/DefaultWebSecurityManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>>> ---
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> DefaultWebSecurityManager.java
>>> (original)
>>>> +++
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> DefaultWebSecurityManager.java
>>> Tue Feb 17 15:24:02 2009
>>>> @@ -75,7 +75,7 @@
>>>> this();
>>>> setRealms(realms);
>>>> }
>>>> -
>>>> +
>>>> /**
>>>> * Sets the path used to store the remember me cookie. This
>>> determines which paths
>>>> * are able to view the remember me cookie.
>>>> @@ -149,7 +149,6 @@
>>>> LifecycleUtils.destroy(getSessionManager());
>>>> WebSessionManager sessionManager =
>>> createSessionManager(mode);
>>>> setSessionManager(sessionManager);
>>>> - setSubjectFactory(new WebSubjectFactory(this,
>>> sessionManager));
>>>> }
>>>> }
>>>>
>>>>
>>>> Modified:
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebSubjectFactory.java
>>>> URL:
>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebSubjectFactory.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>>> ---
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebSubjectFactory.java
>>> (original)
>>>> +++
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>> WebSubjectFactory.java
>>> Tue Feb 17 15:24:02 2009
>>>> @@ -85,9 +85,14 @@
>>>> }
>>>>
>>>> protected Session getWebSession() {
>>>> - ServletRequest request =
>>>> WebUtils.getRequiredServletRequest();
>>>> - ServletResponse response =
>>> WebUtils.getRequiredServletResponse();
>>>> - return getWebSessionManager().getSession(request,
>>>> response);
>>>> + ServletRequest request = WebUtils.getServletRequest();
>>>> + ServletResponse response = WebUtils.getServletResponse();
>>>> + if ( request == null || response == null ) {
>>>> + //no current web request - probably a remote method
>>> invocation that didn't come in via a servlet request:
>>>> + return null;
>>>> + } else {
>>>> + return getWebSessionManager().getSession(request,
>>>> response);
>>>> + }
>>>> }
>>>>
>>>> @Override
>>>> @@ -110,7 +115,10 @@
>>>>
>>>> InetAddress inet = inetAddress;
>>>> if (inet == null) {
>>>> - inet =
>>> WebUtils.getInetAddress(WebUtils.getRequiredServletRequest());
>>>> + ServletRequest request = WebUtils.getServletRequest();
>>>> + if ( request != null ) {
>>>> + inet = WebUtils.getInetAddress(request);
>>>> + }
>>>> }
>>>>
>>>> return super.createSubject(pc, session, authc, inet);
>>>>
>>>> Modified:
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java
>>>> URL:
>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/WebUtils.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>>> --- incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>>> WebUtils.java
>>> (original)
>>>> +++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/
>>>> WebUtils.java Tue
>>> Feb 17 15:24:02 2009
>>>> @@ -305,6 +305,29 @@
>>>> }
>>>>
>>>> /**
>>>> + * Returns the current thread-bound {@code ServletRequest}
>>>> or {@code
>>> null} if there is not one bound.
>>>> + * <p/>
>>>> + * It is the case in certain enterprise environments where a
>>> web-enabled SecurityManager (and its internal mechanisms)
>>>> + * is the primary SecurityManager but also serves as a
>>>> 'central'
>>> coordinator for security operations in a cluster.
>>>> + * In these environments, it is possible for a web-enabled
>>> SecurityManager to receive remote method invocations that
>>>> + * are not HTTP based.
>>>> + * <p/>
>>>> + * In these environments, we need to acquire a thread-bound
>>> ServletRequest if it exists, but
>>>> + * not throw an exception if one is not found (with the
>>>> assumption
>>> that the incoming call is not a web request but
>>>> + * instead a remote method invocation). This method exists to
>>> support these environments, whereas the
>>>> + * {@link #getRequiredServletRequest()
>>>> getRequiredServletRequest()}
>>> method always assumes a
>>>> + * servlet-only environment.
>>>> + * <p/>
>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
>>>> exists for
>>> JSecurity implementation requirements only.
>>>> + *
>>>> + * @return the current thread-bound {@code ServletRequest}
>>>> or {@code
>>> null} if there is not one bound.
>>>> + * @since 1.0
>>>> + */
>>>> + public static ServletRequest getServletRequest() {
>>>> + return (ServletRequest)
>>>> ThreadContext.get(SERVLET_REQUEST_KEY);
>>>> + }
>>>> +
>>>> + /**
>>>> * Convenience method that simplifies retrieval of a required
>>> thread-bound ServletRequest. If there is no
>>>> * ServletRequest bound to the thread when this method is
>>>> called, an
>>> <code>IllegalStateException</code> is
>>>> * thrown.
>>>> @@ -368,6 +391,29 @@
>>>> }
>>>>
>>>> /**
>>>> + * Returns the current thread-bound {@code ServletResponse} or
>>> {@code null} if there is not one bound.
>>>> + * <p/>
>>>> + * It is the case in certain enterprise environments where a
>>> web-enabled SecurityManager (and its internal mechanisms)
>>>> + * is the primary SecurityManager but also serves as a
>>>> 'central'
>>> coordinator for security operations in a cluster.
>>>> + * In these environments, it is possible for a web-enabled
>>> SecurityManager to receive remote method invocations that
>>>> + * are not HTTP based.
>>>> + * <p/>
>>>> + * In these environments, we need to acquire a thread-bound
>>> ServletResponse if it exists, but
>>>> + * not throw an exception if one is not found (with the
>>>> assumption
>>> that the incoming call is not a web request but
>>>> + * instead a remote method invocation). This method exists to
>>> support these environments, whereas the
>>>> + * {@link #getRequiredServletResponse()
>>> getRequiredServletResponse()} method always assumes a
>>>> + * servlet-only environment.
>>>> + * <p/>
>>>> + * <b>THIS IS NOT PART OF JSECURITY'S PUBLIC API.</b> It
>>>> exists for
>>> JSecurity implementation requirements only.
>>>> + *
>>>> + * @return the current thread-bound {@code ServletResponse} or
>>> {@code null} if there is not one bound.
>>>> + * @since 1.0
>>>> + */
>>>> + public static ServletResponse getServletResponse() {
>>>> + return (ServletResponse)
>>> ThreadContext.get(SERVLET_RESPONSE_KEY);
>>>> + }
>>>> +
>>>> + /**
>>>> * Convenience method that simplifies retrieval of a required
>>> thread-bound ServletResponse. If there is no
>>>> * ServletResponse bound to the thread when this method is
>>>> called, an
>>> <code>IllegalStateException</code> is
>>>> * thrown.
>>>>
>>>> Modified:
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>>> JSecurityFilter.java
>>>> URL:
>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/JSecurityFilter.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>>> ---
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>>> JSecurityFilter.java
>>> (original)
>>>> +++
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/servlet/
>>> JSecurityFilter.java
>>> Tue Feb 17 15:24:02 2009
>>>> @@ -42,21 +42,21 @@
>>>>
>>>> /**
>>>> * Main ServletFilter that configures and enables all JSecurity
>>>> functions
>>> within a web application.
>>>> - *
>>>> + * <p/>
>>>> * The following is a fully commented example that documents how to
>>> configure it:
>>>> - *
>>>> + * <p/>
>>>> * <pre><filter>
>>>> * <filter-name>JSecurityFilter</filter-name>
>>>> *
>>> <filter-class>org.jsecurity.web.servlet.JSecurityFilter</
>>> filter-class>
>>>> *
>>> <init-param><param-name>config</param-
>>> name><param-value>
>>>> - *
>>>> + * <p/>
>>>> * #NOTE: This config looks pretty long - but its not - its only
>>>> 5 lines
>>> of actual config.
>>>> * # Everything else is just heavily commented to explain
>>>> things
>>> in-depth. Feel free to delete any
>>>> * # comments that you don't want to read from your own
>>> configuration ;)
>>>> * #
>>>> * # Any commented values below are JSecurity's defaults. If you
>>>> want to
>>> change any values, you only
>>>> * # need to uncomment the lines you want to change.
>>>> - *
>>>> + * <p/>
>>>> * [main]
>>>> * # The 'main' section defines JSecurity-wide configuration.
>>>> * #
>>>> @@ -69,7 +69,7 @@
>>>> * #
>>>> * #securityManager = {@link
>>>> org.jsecurity.web.DefaultWebSecurityManager
>>> org.jsecurity.web.DefaultWebSecurityManager}
>>>> * #securityManager.{@linkorg.jsecurity.web.DefaultWebSecurityManager
>>>> #setSessionMode(String)
>>> sessionMode} = http
>>>> - *
>>>> + * <p/>
>>>> * [filters]
>>>> * # This section defines the 'pool' of all Filters available to
>>>> the url
>>> path definitions in the [urls] section below.
>>>> * #
>>>> @@ -112,7 +112,7 @@
>>>> * #
>>>> * # Define your own filters here. To properly handle url path
>>>> matching
>>> (see the [urls] section below), your
>>>> * # filter should extend the {@link
>>> org.jsecurity.web.filter.PathMatchingFilter PathMatchingFilter}
>>> abstract
>>> class.
>>>> - *
>>>> + * <p/>
>>>> * [urls]
>>>> * # This section defines url path mappings. Each mapping entry
>>>> must be
>>> on a single line and conform to the
>>>> * # following representation:
>>>> @@ -158,14 +158,14 @@
>>>> * # the text between the brackets as two permissions:
>>> 'remote:invoke:lan' and 'wan' instead of the
>>>> * # single desired 'remote:invoke:lan,wan' token. So, you can use
>>> quotes wherever you need to escape internal
>>>> * # commas.)
>>>> - *
>>>> + * <p/>
>>>> * /account/** = <a href="#authcBasic">authcBasic</a>
>>>> * /remoting/** = <a href="#authcBasic">authcBasic</a>, <a
>>> href="#roles">roles</a>[b2bClient], <a
>>> href="#perms">perms</a>[remote:invoke:"lan,wan"]
>>>> - *
>>>> + * <p/>
>>>> * </param-value></init-param>
>>>> * </filter>
>>>> - *
>>>> - *
>>>> + * <p/>
>>>> + * <p/>
>>>> * <filter-mapping>
>>>> * <filter-name>JSecurityFilter</filter-name>
>>>> * <url-pattern>/*</url-pattern>
>>>> @@ -185,7 +185,7 @@
>>>> public static final String CONFIG_INIT_PARAM_NAME = "config";
>>>> public static final String CONFIG_URL_INIT_PARAM_NAME =
>>>> "configUrl";
>>>>
>>>> - private static final Log log =
>>> LogFactory.getLog(JSecurityFilter.class);
>>>> + private static final Log log =
>>> LogFactory.getLog(JSecurityFilter.class);
>>>>
>>>> protected String config;
>>>> protected String configUrl;
>>>> @@ -238,7 +238,7 @@
>>>> if (sm == null) {
>>>> if (log.isInfoEnabled()) {
>>>> log.info("Configuration instance [" + config + "] did
>>> not provide a SecurityManager. No config " +
>>>> - "specified? Defaulting to a " +
>>> DefaultWebSecurityManager.class.getName() + " instance...");
>>>> + "specified? Defaulting to a " +
>>> DefaultWebSecurityManager.class.getName() + " instance...");
>>>> }
>>>> sm = new DefaultWebSecurityManager();
>>>> }
>>>> @@ -255,8 +255,8 @@
>>>> this.configClassName = configCN;
>>>> } else {
>>>> String msg = "configClassName fully qualified class
>>>> name
>>> value [" + configCN + "] is not " +
>>>> - "available in the classpath. Please
>>>> ensure you
>>> have typed it correctly and the " +
>>>> - "corresponding class or jar is in the
>>> classpath.";
>>>> + "available in the classpath. Please ensure
>>>> you have
>>> typed it correctly and the " +
>>>> + "corresponding class or jar is in the
>>>> classpath.";
>>>> throw new ConfigurationException(msg);
>>>> }
>>>> }
>>>> @@ -277,7 +277,7 @@
>>>> protected void applyFilterConfig(WebConfiguration conf) {
>>>> if (log.isDebugEnabled()) {
>>>> String msg = "Attempting to inject the FilterConfig
>>>> (using
>>> 'setFilterConfig' method) into the " +
>>>> - "instantiated WebConfiguration for any wrapped
>>> Filter initialization...";
>>>> + "instantiated WebConfiguration for any wrapped
>>>> Filter
>>> initialization...";
>>>> log.debug(msg);
>>>> }
>>>> try {
>>>> @@ -301,9 +301,9 @@
>>>> PropertyUtils.setProperty(conf, "config",
>>> this.config);
>>>> } else {
>>>> String msg = "The 'config' filter param was
>>> specified, but there is no " +
>>>> - "'setConfig(String)' method on the
>>> Configuration instance [" + conf + "]. If you do " +
>>>> - "not require the 'config' filter
>>>> param,
>>> please comment it out, or if you do need it, " +
>>>> - "please ensure your Configuration
>>>> instance
>>> has a 'setConfig(String)' method to receive it.";
>>>> + "'setConfig(String)' method on the
>>>> Configuration
>>> instance [" + conf + "]. If you do " +
>>>> + "not require the 'config' filter param,
>>>> please
>>> comment it out, or if you do need it, " +
>>>> + "please ensure your Configuration
>>>> instance has a
>>> 'setConfig(String)' method to receive it.";
>>>> throw new ConfigurationException(msg);
>>>> }
>>>> } catch (Exception e) {
>>>> @@ -322,9 +322,9 @@
>>>> PropertyUtils.setProperty(conf, "configUrl",
>>> this.configUrl);
>>>> } else {
>>>> String msg = "The 'configUrl' filter param was
>>> specified, but there is no " +
>>>> - "'setConfigUrl(String)' method on the
>>> Configuration instance [" + conf + "]. If you do " +
>>>> - "not require the 'configUrl' filter
>>>> param,
>>> please comment it out, or if you do need it, " +
>>>> - "please ensure your Configuration
>>>> instance
>>> has a 'setConfigUrl(String)' method to receive it.";
>>>> + "'setConfigUrl(String)' method on the
>>> Configuration instance [" + conf + "]. If you do " +
>>>> + "not require the 'configUrl' filter param,
>>> please comment it out, or if you do need it, " +
>>>> + "please ensure your Configuration
>>>> instance has a
>>> 'setConfigUrl(String)' method to receive it.";
>>>> throw new ConfigurationException(msg);
>>>> }
>>>> } catch (Exception e) {
>>>> @@ -347,26 +347,69 @@
>>>> return WebUtils.getInetAddress(request);
>>>> }
>>>>
>>>> - protected void doFilterInternal(ServletRequest servletRequest,
>>> ServletResponse servletResponse,
>>>> - FilterChain origChain) throws
>>> ServletException, IOException {
>>>> + /**
>>>> + * Wraps the original HttpServletRequest in a {@link
>>> JSecurityHttpServletRequest}
>>>> + * @since 1.0
>>>> + */
>>>> + protected ServletRequest
>>>> wrapServletRequest(HttpServletRequest orig)
>>> {
>>>> + return new JSecurityHttpServletRequest(orig,
>>> getServletContext(), isHttpSessions());
>>>> + }
>>>>
>>>> - HttpServletRequest request = (HttpServletRequest)
>>> servletRequest;
>>>> - HttpServletResponse response = (HttpServletResponse)
>>> servletResponse;
>>>> + /** @since 1.0 */
>>>> + protected ServletRequest prepareServletRequest(ServletRequest
>>> request, ServletResponse response,
>>>> + FilterChain
>>>> chain) {
>>>> + ServletRequest toUse = request;
>>>> + if (request instanceof HttpServletRequest) {
>>>> + HttpServletRequest http = (HttpServletRequest)
>>>> request;
>>>> + toUse = wrapServletRequest(http);
>>>> + }
>>>> + return toUse;
>>>> + }
>>>>
>>>> - ThreadContext.bind(getInetAddress(request));
>>>> + /** @since 1.0 */
>>>> + protected ServletResponse
>>>> wrapServletResponse(HttpServletResponse
>>> orig, JSecurityHttpServletRequest request) {
>>>> + return new JSecurityHttpServletResponse(orig,
>>> getServletContext(), request);
>>>> + }
>>>>
>>>> - boolean httpSessions = isHttpSessions();
>>>> - request = new JSecurityHttpServletRequest(request,
>>> getServletContext(), httpSessions);
>>>> - if (!httpSessions) {
>>>> + /** @since 1.0 */
>>>> + protected ServletResponse
>>>> prepareServletResponse(ServletRequest
>>> request, ServletResponse response,
>>>> + FilterChain
>>>> chain)
>>> {
>>>> + ServletResponse toUse = response;
>>>> + if (isHttpSessions() && (request instanceof
>>> JSecurityHttpServletRequest) &&
>>>> + (response instanceof HttpServletResponse)) {
>>>> //the JSecurityHttpServletResponse exists to support URL
>>> rewriting for session ids. This is only needed if
>>>> //using JSecurity sessions (i.e. not simple HttpSession
>>>> based
>>> sessions):
>>>> - response = new JSecurityHttpServletResponse(response,
>>> getServletContext(), (JSecurityHttpServletRequest) request);
>>>> + toUse = wrapServletResponse((HttpServletResponse)
>>>> response,
>>> (JSecurityHttpServletRequest) request);
>>>> }
>>>> + return toUse;
>>>> + }
>>>>
>>>> + /** @since 1.0 */
>>>> + protected void bind(ServletRequest request, ServletResponse
>>> response) {
>>>> + WebUtils.bindInetAddressToThread(request);
>>>> WebUtils.bind(request);
>>>> WebUtils.bind(response);
>>>> ThreadContext.bind(getSecurityManager());
>>>> ThreadContext.bind(getSecurityManager().getSubject());
>>>> + }
>>>> +
>>>> + /** @since 1.0 */
>>>> + protected void unbind(ServletRequest request, ServletResponse
>>> response) {
>>>> + //arguments ignored, just clear the thread:
>>>> + ThreadContext.unbindSubject();
>>>> + ThreadContext.unbindSecurityManager();
>>>> + WebUtils.unbindServletResponse();
>>>> + WebUtils.unbindServletRequest();
>>>> + ThreadContext.unbindInetAddress();
>>>> + }
>>>> +
>>>> + protected void doFilterInternal(ServletRequest servletRequest,
>>> ServletResponse servletResponse,
>>>> + FilterChain origChain) throws
>>> ServletException, IOException {
>>>> +
>>>> + ServletRequest request =
>>>> prepareServletRequest(servletRequest,
>>> servletResponse, origChain);
>>>> + ServletResponse response = prepareServletResponse(request,
>>> servletResponse, origChain);
>>>> +
>>>> + bind(request, response);
>>>>
>>>> FilterChain chain = getConfiguration().getChain(request,
>>> response, origChain);
>>>> if (chain == null) {
>>>> @@ -383,11 +426,7 @@
>>>> try {
>>>> chain.doFilter(request, response);
>>>> } finally {
>>>> - ThreadContext.unbindSubject();
>>>> - ThreadContext.unbindSecurityManager();
>>>> - WebUtils.unbindServletResponse();
>>>> - WebUtils.unbindServletRequest();
>>>> - ThreadContext.unbindInetAddress();
>>>> + unbind(request, response);
>>>> }
>>>> }
>>>>
>>>>
>>>> Modified:
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>>> DefaultWebSessionManager.java
>>>> URL:
>>> http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/DefaultWebSessionManager.java?rev=745117&r1=745116&r2=745117&view=diff
>>>>
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> =
>>> ====================================================================
>>>> ---
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>>> DefaultWebSessionManager.java
>>> (original)
>>>> +++
>>> incubator/jsecurity/trunk/web/src/org/jsecurity/web/session/
>>> DefaultWebSessionManager.java
>>> Tue Feb 17 15:24:02 2009
>>>> @@ -229,7 +229,8 @@
>>>> return sessionId;
>>>> }
>>>>
>>>> - public Session retrieveSession(Serializable sessionId) throws
>>> InvalidSessionException, AuthorizationException {
>>>> + @Override
>>>> + protected Session retrieveSession(Serializable sessionId)
>>>> throws
>>> InvalidSessionException, AuthorizationException {
>>>> if (sessionId != null) {
>>>> return super.retrieveSession(sessionId);
>>>> } else {
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Cordialement,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>>
>