You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lh...@apache.org on 2009/04/18 02:16:59 UTC
svn commit: r766185 - in /incubator/jsecurity/trunk: core/src/main/java/org/apache/ki/subject/DelegatingSubject.java web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java

Author: lhazlewood
Date: Sat Apr 18 00:16:59 2009
New Revision: 766185

URL: http://svn.apache.org/viewvc?rev=766185&view=rev
Log:
Fixed bug where session.stop was not delegating at all times to the security manager (required for the security manager to clear out a cookie in web environments)

Modified:
    incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/subject/DelegatingSubject.java
    incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java

Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/subject/DelegatingSubject.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/subject/DelegatingSubject.java?rev=766185&r1=766184&r2=766185&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/subject/DelegatingSubject.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/subject/DelegatingSubject.java Sat Apr 18 00:16:59 2009
@@ -107,10 +107,25 @@
             this.inetAddress = getLocalHost();
         }
         if (session != null) {
-            this.session = new StoppingAwareProxiedSession(session, this);
+            this.session = decorate(session);
         }
     }
 
+    protected Session decorate(Session session) {
+        if (session == null) {
+            throw new IllegalArgumentException("session cannot be null");
+        }
+        return decorateSession(session.getId());
+    }
+
+    protected Session decorateSession(Serializable sessionId) {
+        if (sessionId == null) {
+            throw new IllegalArgumentException("sessionId cannot be null");
+        }
+        DelegatingSession target = new DelegatingSession(getSecurityManager(), sessionId);
+        return new StoppingAwareProxiedSession(target, this);
+    }
+
     public SecurityManager getSecurityManager() {
         return securityManager;
     }
@@ -129,9 +144,7 @@
         return this.inetAddress;
     }
 
-    /**
-     * @see Subject#getPrincipal()
-     */
+    /** @see Subject#getPrincipal() */
     public Object getPrincipal() {
         PrincipalCollection principals = getPrincipals();
         if (principals == null || principals.isEmpty()) {
@@ -201,8 +214,7 @@
     }
 
     public void checkPermissions(String... permissions)
-            throws AuthorizationException
-    {
+            throws AuthorizationException {
         assertAuthzCheckPossible();
         securityManager.checkPermissions(getPrincipals(), permissions);
     }
@@ -252,11 +264,7 @@
         this.principals = principals;
         Session session = subject.getSession(false);
         if (session != null) {
-            if (session instanceof StoppingAwareProxiedSession) {
-                this.session = session;
-            } else {
-                this.session = new StoppingAwareProxiedSession(session, this);
-            }
+            this.session = decorate(session);
         } else {
             this.session = null;
         }
@@ -288,8 +296,7 @@
                 log.trace("starting session for address [" + getInetAddress() + "]");
             }
             Serializable sessionId = this.securityManager.start(getInetAddress());
-            Session target = new DelegatingSession(this.securityManager, sessionId);
-            this.session = new StoppingAwareProxiedSession(target, this);
+            this.session = decorateSession(sessionId);
         }
         return this.session;
     }

Modified: incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java?rev=766185&r1=766184&r2=766185&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java (original)
+++ incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/DefaultWebSecurityManager.java Sat Apr 18 00:16:59 2009
@@ -182,7 +182,6 @@
         super.beforeLogout(subjectIdentifier);
         //also ensure a request attribute is set so the Subject is not reacquired later during the request:
         removeRequestIdentity();
-
     }
 
     protected void removeRequestIdentity() {