shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r735626 - /incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java
Date Mon, 19 Jan 2009 08:09:43 GMT
Author: lhazlewood
Date: Mon Jan 19 00:09:43 2009
New Revision: 735626

URL: http://svn.apache.org/viewvc?rev=735626&view=rev
Log:
Modified to be more robust and based on common Subject lookup mechanisms (SecurityUtils).
 If not found there, only then fall back to a system property (previous behavior).

Modified:
    incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java

Modified: incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java?rev=735626&r1=735625&r2=735626&view=diff
==============================================================================
--- incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java
(original)
+++ incubator/jsecurity/trunk/support/spring/src/org/jsecurity/spring/remoting/SecureRemoteInvocationFactory.java
Mon Jan 19 00:09:43 2009
@@ -19,11 +19,17 @@
 package org.jsecurity.spring.remoting;
 
 import org.aopalliance.intercept.MethodInvocation;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.jsecurity.SecurityUtils;
 import org.jsecurity.session.Session;
+import org.jsecurity.subject.Subject;
 import org.springframework.remoting.support.DefaultRemoteInvocationFactory;
 import org.springframework.remoting.support.RemoteInvocation;
 import org.springframework.remoting.support.RemoteInvocationFactory;
 
+import java.io.Serializable;
+
 /**
  * A {@link RemoteInvocationFactory} that passes the session ID to the server via a
  * {@link RemoteInvocation} {@link RemoteInvocation#getAttribute(String) attribute}.
@@ -38,7 +44,7 @@
  */
 public class SecureRemoteInvocationFactory extends DefaultRemoteInvocationFactory {
 
-    //TODO - complete JavaDoc
+    private static final Log log = LogFactory.getLog(SecureRemoteInvocationFactory.class);
 
     public static final String SESSION_ID_KEY = Session.class.getName() + "_ID_KEY";
 
@@ -53,13 +59,30 @@
      * @return a remote invocation object containing the current session ID as an attribute.
      */
     public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
-        String sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
+        Serializable sessionId = null;
+        Subject subject = SecurityUtils.getSubject();
+        if (subject != null) {
+            Session session = subject.getSession(false);
+            if (session != null) {
+                sessionId = session.getId();
+            }
+        }
+
         if (sessionId == null) {
-            throw new IllegalStateException("System property [" + SESSION_ID_SYSTEM_PROPERTY_NAME
+ "] is not set.  " +
-                    "This property must be set to the JSecurity session ID for remote calls
to function.");
+            if (log.isTraceEnabled()) {
+                log.trace("No Session found for the currently executing subject via subject.getSession(false).
 " +
+                        "Attempting to revert back to the 'jsecurity.session.id' system property...");
+            }
+        }
+        sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
+        if (sessionId == null && log.isTraceEnabled()) {
+            log.trace("No 'jsecurity.session.id' system property found.  Heuristics have
been exhausted; " +
+                    "RemoteInvocation will not contain a sessionId.");
         }
         RemoteInvocation ri = new RemoteInvocation(methodInvocation);
-        ri.addAttribute(SESSION_ID_KEY, sessionId);
+        if (sessionId != null) {
+            ri.addAttribute(SESSION_ID_KEY, sessionId);
+        }
 
         return ri;
     }



Mime
View raw message