shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r780814 - in /incubator/jsecurity/trunk: core/src/main/java/org/apache/ki/mgt/ web/src/main/java/org/apache/ki/web/servlet/ web/src/main/java/org/apache/ki/web/session/ web/src/test/java/org/apache/ki/web/
Date Mon, 01 Jun 2009 20:28:19 GMT
Author: lhazlewood
Date: Mon Jun  1 20:28:18 2009
New Revision: 780814

URL: http://svn.apache.org/viewvc?rev=780814&view=rev
Log:
JavaDoc additions

Modified:
    incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SubjectFactory.java
    incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java
    incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/OncePerRequestFilter.java
    incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/session/ServletContainerSessionManager.java
    incubator/jsecurity/trunk/web/src/test/java/org/apache/ki/web/WebRememberMeManagerTest.java

Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SubjectFactory.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SubjectFactory.java?rev=780814&r1=780813&r2=780814&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SubjectFactory.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SubjectFactory.java Mon
Jun  1 20:28:18 2009
@@ -18,14 +18,14 @@
  */
 package org.apache.ki.mgt;
 
-import java.net.InetAddress;
-
 import org.apache.ki.authc.AuthenticationInfo;
 import org.apache.ki.authc.AuthenticationToken;
 import org.apache.ki.session.Session;
 import org.apache.ki.subject.PrincipalCollection;
 import org.apache.ki.subject.Subject;
 
+import java.net.InetAddress;
+
 /**
  * A {@code SubjectFactory} is responsible for returning {@link Subject Subject} instances
as needed.
  *
@@ -39,7 +39,7 @@
      * <p/>
      * The '{@code existing}' {@code Subject} method argument is the {@code Subject} that
executed the
      * authentication attempt but still reflects an unauthenticated state.  The instance
returned from this method
-     * is the {code Subject} instance to use for future application use and reflects an authenticated
state.
+     * is the {@code Subject} instance to use for future application use and reflects an
authenticated state.
      *
      * @param token    the {@code AuthenticationToken} submitted during the successful authentication
attempt.
      * @param info     the {@code AuthenticationInfo} generated due to the successful authentication
attempt.

Modified: incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java?rev=780814&r1=780813&r2=780814&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java (original)
+++ incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java Mon
Jun  1 20:28:18 2009
@@ -18,21 +18,7 @@
  */
 package org.apache.ki.web.servlet;
 
-import java.beans.PropertyDescriptor;
-import java.io.IOException;
-import java.net.InetAddress;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.beanutils.PropertyUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import org.apache.ki.config.Configuration;
 import org.apache.ki.config.ConfigurationException;
 import org.apache.ki.mgt.SecurityManager;
@@ -44,6 +30,15 @@
 import org.apache.ki.web.WebUtils;
 import org.apache.ki.web.config.IniWebConfiguration;
 import org.apache.ki.web.config.WebConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.beans.PropertyDescriptor;
+import java.io.IOException;
+import java.net.InetAddress;
 
 
 /**
@@ -292,7 +287,7 @@
         if (sm == null) {
             if (log.isInfoEnabled()) {
                 log.info("Configuration instance [" + config + "] did not provide a SecurityManager.
 No config " +
-                    "specified?  Defaulting to a " + DefaultWebSecurityManager.class.getName()
+ " instance...");
+                        "specified?  Defaulting to a " + DefaultWebSecurityManager.class.getName()
+ " instance...");
             }
             sm = new DefaultWebSecurityManager();
         }
@@ -309,8 +304,8 @@
                 this.configClassName = configCN;
             } else {
                 String msg = "configClassName fully qualified class name value [" + configCN
+ "] is not " +
-                    "available in the classpath.  Please ensure you have typed it correctly
and the " +
-                    "corresponding class or jar is in the classpath.";
+                        "available in the classpath.  Please ensure you have typed it correctly
and the " +
+                        "corresponding class or jar is in the classpath.";
                 throw new ConfigurationException(msg);
             }
         }
@@ -331,7 +326,7 @@
     protected void applyFilterConfig(WebConfiguration conf) {
         if (log.isDebugEnabled()) {
             String msg = "Attempting to inject the FilterConfig (using 'setFilterConfig'
method) into the " +
-                "instantiated WebConfiguration for any wrapped Filter initialization...";
+                    "instantiated WebConfiguration for any wrapped Filter initialization...";
             log.debug(msg);
         }
         try {
@@ -355,9 +350,9 @@
                     PropertyUtils.setProperty(conf, "config", this.config);
                 } else {
                     String msg = "The 'config' filter param was specified, but there is no
" +
-                        "'setConfig(String)' method on the Configuration instance [" + conf
+ "].  If you do " +
-                        "not require the 'config' filter param, please comment it out, or
if you do need it, " +
-                        "please ensure your Configuration instance has a 'setConfig(String)'
method to receive it.";
+                            "'setConfig(String)' method on the Configuration instance ["
+ conf + "].  If you do " +
+                            "not require the 'config' filter param, please comment it out,
or if you do need it, " +
+                            "please ensure your Configuration instance has a 'setConfig(String)'
method to receive it.";
                     throw new ConfigurationException(msg);
                 }
             } catch (Exception e) {
@@ -376,9 +371,9 @@
                     PropertyUtils.setProperty(conf, "configUrl", this.configUrl);
                 } else {
                     String msg = "The 'configUrl' filter param was specified, but there is
no " +
-                        "'setConfigUrl(String)' method on the Configuration instance [" +
conf + "].  If you do " +
-                        "not require the 'configUrl' filter param, please comment it out,
or if you do need it, " +
-                        "please ensure your Configuration instance has a 'setConfigUrl(String)'
method to receive it.";
+                            "'setConfigUrl(String)' method on the Configuration instance
[" + conf + "].  If you do " +
+                            "not require the 'configUrl' filter param, please comment it
out, or if you do need it, " +
+                            "please ensure your Configuration instance has a 'setConfigUrl(String)'
method to receive it.";
                     throw new ConfigurationException(msg);
                 }
             } catch (Exception e) {
@@ -390,11 +385,7 @@
 
     protected boolean isHttpSessions() {
         SecurityManager secMgr = getSecurityManager();
-        if (secMgr instanceof DefaultWebSecurityManager) {
-            return ((DefaultWebSecurityManager) secMgr).isHttpSessionMode();
-        } else {
-            return true;
-        }
+        return !(secMgr instanceof DefaultWebSecurityManager) || ((DefaultWebSecurityManager)
secMgr).isHttpSessionMode();
     }
 
     protected InetAddress getInetAddress(ServletRequest request) {
@@ -402,16 +393,33 @@
     }
 
     /**
-     * Wraps the original HttpServletRequest in a {@link KiHttpServletRequest}
+     * Wraps the original HttpServletRequest in a {@link KiHttpServletRequest}, which is
required for supporting
+     * Servlet Specification behavior backed by a {@link org.apache.ki.subject.Subject Subject}
instance.
+     *
+     * @param orig the original Servlet Container-provided incoming {@code HttpServletRequest}
instance.
+     * @return {@link KiHttpServletRequest KiHttpServletRequest} instance wrapping the original.
      * @since 1.0
      */
     protected ServletRequest wrapServletRequest(HttpServletRequest orig) {
         return new KiHttpServletRequest(orig, getServletContext(), isHttpSessions());
     }
 
-    /** @since 1.0 */
-    protected ServletRequest prepareServletRequest(ServletRequest request, ServletResponse
response,
-                                                   FilterChain chain) {
+    /**
+     * 'Prepare's the {@code ServletRequest} instance that will be passed to the {@code FilterChain}
for request
+     * processing.
+     * <p/>
+     * If the {@code ServletRequest} is an instance of {@link HttpServletRequest}, the value
returned from this method
+     * is obtained by calling {@link #wrapServletRequest(javax.servlet.http.HttpServletRequest)}
to allow Ki-specific
+     * HTTP behavior, otherwise the original {@code ServletRequest} argument is returned.
+     *
+     * @param request  the incoming ServletRequest
+     * @param response the outgoing ServletResponse
+     * @param chain    the Servlet Container provided {@code FilterChain} that will receive
the returned request.
+     * @return the {@code ServletRequest} instance that will be passed to the {@code FilterChain}
for request processing.
+     * @since 1.0
+     */
+    @SuppressWarnings({"UnusedDeclaration"})
+    protected ServletRequest prepareServletRequest(ServletRequest request, ServletResponse
response, FilterChain chain) {
         ServletRequest toUse = request;
         if (request instanceof HttpServletRequest) {
             HttpServletRequest http = (HttpServletRequest) request;
@@ -420,17 +428,43 @@
         return toUse;
     }
 
-    /** @since 1.0 */
+    /**
+     * Returns a new {@link KiHttpServletResponse} instance, wrapping the {@code orig} argument,
in order to provide
+     * correct URL rewriting behavior required by the Servlet Specification when using Ki-based
sessions (and not
+     * Servlet Container HTTP-based sessions).
+     *
+     * @param orig    the original {@code HttpServletResponse} instance provided by the Servlet
Container.
+     * @param request the {@code KiHttpServletRequest} instance wrapping the original request.
+     * @return the wrapped ServletResponse instance to use during {@link FilterChain} execution.
+     * @since 1.0
+     */
     protected ServletResponse wrapServletResponse(HttpServletResponse orig, KiHttpServletRequest
request) {
         return new KiHttpServletResponse(orig, getServletContext(), request);
     }
 
-    /** @since 1.0 */
-    protected ServletResponse prepareServletResponse(ServletRequest request, ServletResponse
response,
-                                                     FilterChain chain) {
+    /**
+     * 'Prepare's the {@code ServletResponse} instance that will be passed to the {@code
FilterChain} for request
+     * processing.
+     * <p/>
+     * This implementation delegates to {@link #wrapServletRequest(javax.servlet.http.HttpServletRequest)}
+     * only if Ki-based sessions are enabled (that is, !{@link #isHttpSessions()}) and the
request instance is a
+     * {@link KiHttpServletRequest}.  This ensures that any URL rewriting that occurs is
handled correctly using the
+     * Ki-managed Session's sessionId and not a servlet container session ID.
+     * <p/>
+     * If HTTP-based sessions are enabled (the default), then this method does nothing and
just returns the
+     * {@code ServletResponse} argument as-is, relying on the default Servlet Container URL
rewriting logic.
+     *
+     * @param request  the incoming ServletRequest
+     * @param response the outgoing ServletResponse
+     * @param chain    the Servlet Container provided {@code FilterChain} that will receive
the returned request.
+     * @return the {@code ServletResponse} instance that will be passed to the {@code FilterChain}
during request processing.
+     * @since 1.0
+     */
+    @SuppressWarnings({"UnusedDeclaration"})
+    protected ServletResponse prepareServletResponse(ServletRequest request, ServletResponse
response, FilterChain chain) {
         ServletResponse toUse = response;
-        if (isHttpSessions() && (request instanceof KiHttpServletRequest) &&
-            (response instanceof HttpServletResponse)) {
+        if (!isHttpSessions() && (request instanceof KiHttpServletRequest) &&
+                (response instanceof HttpServletResponse)) {
             //the KiHttpServletResponse exists to support URL rewriting for session ids.
 This is only needed if
             //using Ki sessions (i.e. not simple HttpSession based sessions):
             toUse = wrapServletResponse((HttpServletResponse) response, (KiHttpServletRequest)
request);
@@ -438,7 +472,25 @@
         return toUse;
     }
 
-    /** @since 1.0 */
+    /**
+     * Binds the current request/response pair and additional information to a thread-local
to be made available to Ki
+     * during the course of the request/response process.  This implementation binds the
request/response pair to the
+     * currently executing thread via the {@link ThreadContext}, as well as the Request's
+     * {@link javax.servlet.ServletRequest#getRemoteAddr() remoteAddr} (client InetAddress),
the application's
+     * configured {@link SecurityManager}, and sets up and binds the currently executing
+     * {@link org.apache.ki.subject.Subject Subject} instance to ensure the Subject is available
before any request
+     * processing occurs.
+     * <p/>
+     * To guarantee properly cleaned threads in a thread-pooled Servlet Container environment,
the corresponding
+     * {@link #unbind} method must be called in a {@code finally} block to ensure that the
thread remains clean even
+     * in the event of an exception thrown while processing the request.  This class's
+     * {@link #doFilterInternal(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
javax.servlet.FilterChain)}
+     * method implement does indeed perform this.
+     *
+     * @param request  the incoming ServletRequest
+     * @param response the outgoing ServletResponse
+     * @since 1.0
+     */
     protected void bind(ServletRequest request, ServletResponse response) {
         WebUtils.bindInetAddressToThread(request);
         WebUtils.bind(request);
@@ -447,43 +499,124 @@
         ThreadContext.bind(getSecurityManager().getSubject());
     }
 
-    /** @since 1.0 */
+    /**
+     * Unbinds (removes out of scope) the current {@code ServletRequest} and {@link ServletResponse}.
+     * <p/>
+     * This method implementation merely calls {@code ThreadContext}.{@link ThreadContext#clear()
clear()} to ensure
+     * that <em>everything</em> that might have been bound to the thread by Ki
has been removed to ensure the underlying
+     * Thread may be safely re-used in a thread-pooled Servlet Container environment.
+     *
+     * @param request  the just-processed incoming servlet response - ignored
+     * @param response the just-processed outgoing servlet response - ignored
+     * @since 1.0
+     */
+    @SuppressWarnings({"UnusedDeclaration"})
     protected void unbind(ServletRequest request, ServletResponse response) {
         //arguments ignored, just clear the thread:
-        ThreadContext.unbindSubject();
-        ThreadContext.unbindSecurityManager();
-        WebUtils.unbindServletResponse();
-        WebUtils.unbindServletRequest();
-        ThreadContext.unbindInetAddress();
+        ThreadContext.clear();
     }
 
-    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
-                                    FilterChain origChain) throws ServletException, IOException
{
+    /**
+     * {@code doFilterInternal} implementation that sets-up, executes, and cleans-up a Ki-filtered
request.  It
+     * performs the following ordered operations:
+     * <ol>
+     * <li>{@link #prepareServletRequest(ServletRequest, ServletResponse, FilterChain)
Prepares}
+     * the incoming {@code ServletRequest} for use during Ki's processing</li>
+     * <li>{@link #prepareServletResponse(ServletRequest, ServletResponse, FilterChain)
Prepares}
+     * the outgoing {@code ServletResponse} for use during Ki's processing</li>
+     * <li>{@link #bind(ServletRequest,ServletResponse) Binds} the request/response
pair
+     * and associated data to the currently executing thread for use during processing</li>
+     * <li>{@link #executeChain(ServletRequest,ServletResponse,FilterChain) Executes}
+     * the appropriate {@code FilterChain}</li>
+     * <li>{@link #unbind(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
Unbinds} the request/response
+     * pair and any other associated data from the thread.
+     * </ul>
+     * <p/>
+     * The {@link #unbind(javax.servlet.ServletRequest, javax.servlet.ServletResponse) unbind}
method is called in a
+     * {@code finally} block to guarantee the thread may be cleanly re-used in a thread-pooled
Servlet Container
+     * environment.
+     *
+     * @param servletRequest  the incoming {@code ServletRequest}
+     * @param servletResponse the outgoing {@code ServletResponse}
+     * @param chain           the container-provided {@code FilterChain} to execute
+     * @throws ServletException if an error occurs
+     * @throws IOException      if an IO error occurs
+     */
+    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain chain)
+            throws ServletException, IOException {
 
-        ServletRequest request = prepareServletRequest(servletRequest, servletResponse, origChain);
-        ServletResponse response = prepareServletResponse(request, servletResponse, origChain);
+        ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
+        ServletResponse response = prepareServletResponse(request, servletResponse, chain);
 
         bind(request, response);
 
+        try {
+            executeChain(request, response, chain);
+        } finally {
+            unbind(request, response);
+        }
+    }
+
+    /**
+     * Returns the {@code FilterChain} to execute for the given request.
+     * <p/>
+     * The {@code origChain} argument is the
+     * original {@code FilterChain} supplied by the Servlet Container, but it may be modified
to provide
+     * more behavior by appending further chains according to the Ki configuration.
+     * <p/>
+     * This implementation returns the chain that will actually be executed by acquiring
the chain from a
+     * <code>{@link #getConfiguration() getConfiguration()}.{@link org.apache.ki.web.config.WebConfiguration#getChain
getChain}(request,response,origChain)</code>
+     * method call.  The configuration itself determines which chain to execute, typically
based on URL configuration.
+     * If no chain is returned from this method call (returns {@code null}), then the {@code
origChain}
+     * will be returned by default.
+     *
+     * @param request   the incoming ServletRequest
+     * @param response  the outgoing ServletResponse
+     * @param origChain the original {@code FilterChain} provided by the Servlet Container
+     * @return the {@link FilterChain} to execute for the given request
+     * @since 1.0
+     */
+    protected FilterChain getExecutionChain(ServletRequest request, ServletResponse response,
FilterChain origChain) {
         FilterChain chain = getConfiguration().getChain(request, response, origChain);
         if (chain == null) {
             chain = origChain;
-            if (log.isTraceEnabled()) {
-                log.trace("No security filter chain configured for the current request. 
Using default.");
-            }
+            log.trace("No security filter chain configured for the current request.  Using
default.");
         } else {
-            if (log.isTraceEnabled()) {
-                log.trace(" Using configured filter chain for the current request.");
-            }
+            log.trace(" Using configured filter chain for the current request.");
         }
+        return chain;
+    }
 
-        try {
-            chain.doFilter(request, response);
-        } finally {
-            unbind(request, response);
-        }
+    /**
+     * Executes a {@link FilterChain} for the given request.
+     * <p/>
+     * This implementation first delegates to
+     * <code>{@link #getExecutionChain(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
javax.servlet.FilterChain) getExecutionChain}</code>
+     * to allow the application's Ki configuration to determine exactly how the chain should
execute.  The resulting
+     * value from that call is then executed directly by calling the returned {@code FilterChain}'s
+     * {@link FilterChain#doFilter doFilter} method.  That is:
+     * <p/>
+     * <pre>
+     * FilterChain chain = {@link #getExecutionChain}(request, response, origChain);
+     * chain.{@link FilterChain#doFilter doFilter}(request,response);</pre>
+     *
+     * @param request   the incoming ServletRequest
+     * @param response  the outgoing ServletResponse
+     * @param origChain the Servlet Container-provided chain that may be wrapped further
by an application-configured
+     *                  chain of Filters.
+     * @throws IOException      if the underlying {@code chain.doFilter} call results in
an IOException
+     * @throws ServletException if the underlying {@code chain.doFilter} call results in
a ServletException
+     * @since 1.0
+     */
+    protected void executeChain(ServletRequest request, ServletResponse response, FilterChain
origChain)
+            throws IOException, ServletException {
+        FilterChain chain = getExecutionChain(request, response, origChain);
+        chain.doFilter(request, response);
     }
 
+    /**
+     * Destroys this Filter by destroying the {@link #getConfiguration() configuration} object.
+     */
     public void destroy() {
         LifecycleUtils.destroy(getConfiguration());
     }

Modified: incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/OncePerRequestFilter.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/OncePerRequestFilter.java?rev=780814&r1=780813&r2=780814&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/OncePerRequestFilter.java
(original)
+++ incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/OncePerRequestFilter.java
Mon Jun  1 20:28:18 2009
@@ -18,29 +18,23 @@
  */
 package org.apache.ki.web.servlet;
 
-import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
+import org.apache.ki.util.Nameable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import org.apache.ki.util.Nameable;
+import javax.servlet.*;
+import java.io.IOException;
 
 
 /**
  * Filter base class that guarantees to be just executed once per request,
  * on any servlet container. It provides a {@link #doFilterInternal}
  * method with HttpServletRequest and HttpServletResponse arguments.
- *
+ * <p/>
  * <p>The {@link #getAlreadyFilteredAttributeName} method determines how
  * to identify that a request is already filtered. The default implementation
  * is based on the configured name of the concrete filter instance.
- *
+ * <p/>
  * <p><b>NOTE</b> This class was borrowed from the Spring framework, and
as such,
  * all copyright notices and author names have remained in tact.
  *
@@ -50,7 +44,9 @@
  */
 public abstract class OncePerRequestFilter extends ServletContextSupport implements Filter,
Nameable {
 
-    /** Private internal log instance. */
+    /**
+     * Private internal log instance.
+     */
     private static final Logger log = LoggerFactory.getLogger(OncePerRequestFilter.class);
 
     /**
@@ -60,10 +56,14 @@
      */
     public static final String ALREADY_FILTERED_SUFFIX = ".FILTERED";
 
-    /** FilterConfig provided by the Servlet container at startup. */
+    /**
+     * FilterConfig provided by the Servlet container at startup.
+     */
     protected FilterConfig filterConfig;
 
-    /** The name of this filter, unique within an application. */
+    /**
+     * The name of this filter, unique within an application.
+     */
     private String name;
 
     /**
@@ -218,19 +218,22 @@
      * @return whether the given request should <i>not</i> be filtered
      * @throws ServletException in case of errors
      */
+    @SuppressWarnings({"UnusedDeclaration"})
     protected boolean shouldNotFilter(ServletRequest request) throws ServletException {
         return false;
     }
 
 
     /**
-     * Same contract as for <code>doFilter</code>, but guaranteed to be
-     * just invoked once per request. Provides HttpServletRequest and
-     * HttpServletResponse arguments instead of the default ServletRequest
-     * and ServletResponse ones.
+     * Same contract as for <code>doFilter</code>, but guaranteed to be just
invoked once per request.
+     *
+     * @param request  incoming {@code ServletRequest}
+     * @param response outgoing {@code ServletResponse}
+     * @param chain    the {@code FilterChain} to execute
+     * @throws ServletException if there is a problem processing the request
+     * @throws IOException      if there is an IO problem processing the request
      */
-    protected abstract void doFilterInternal(
-            ServletRequest request, ServletResponse response, FilterChain filterChain)
+    protected abstract void doFilterInternal(ServletRequest request, ServletResponse response,
FilterChain chain)
             throws ServletException, IOException;
 
     /**

Modified: incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/session/ServletContainerSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/session/ServletContainerSessionManager.java?rev=780814&r1=780813&r2=780814&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/session/ServletContainerSessionManager.java
(original)
+++ incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/session/ServletContainerSessionManager.java
Mon Jun  1 20:28:18 2009
@@ -89,10 +89,11 @@
         long timeoutMillis = getGlobalSessionTimeout();
         httpSession.setMaxInactiveInterval((int) (timeoutMillis / MILLIS_PER_SECOND));
 
-
-        InetAddress originatingHost = null;
+        InetAddress originatingHost;
         if (initData != null && initData.containsKey(SessionFactory.ORIGINATING_HOST_KEY))
{
             originatingHost = (InetAddress) initData.get(SessionFactory.ORIGINATING_HOST_KEY);
+        } else {
+            originatingHost = WebUtils.getInetAddress(request);
         }
 
         return createSession(httpSession, originatingHost);

Modified: incubator/jsecurity/trunk/web/src/test/java/org/apache/ki/web/WebRememberMeManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/test/java/org/apache/ki/web/WebRememberMeManagerTest.java?rev=780814&r1=780813&r2=780814&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/test/java/org/apache/ki/web/WebRememberMeManagerTest.java
(original)
+++ incubator/jsecurity/trunk/web/src/test/java/org/apache/ki/web/WebRememberMeManagerTest.java
Mon Jun  1 20:28:18 2009
@@ -18,21 +18,18 @@
  */
 package org.apache.ki.web;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import static org.easymock.EasyMock.*;
-import static org.junit.Assert.assertTrue;
-import org.junit.Test;
-
 import org.apache.ki.authc.AuthenticationInfo;
 import org.apache.ki.authc.SimpleAuthenticationInfo;
 import org.apache.ki.authc.UsernamePasswordToken;
 import org.apache.ki.subject.PrincipalCollection;
 import org.apache.ki.subject.SimplePrincipalCollection;
-import org.apache.ki.web.WebRememberMeManager;
-import org.apache.ki.web.WebUtils;
+import static org.easymock.EasyMock.*;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * TODO - class javadoc
@@ -84,10 +81,11 @@
         verify(mockRequest);
 
         assertTrue(collection != null);
+        //noinspection ConstantConditions
         assertTrue(collection.iterator().next().equals("user"));
     }
 
-   // KI-69  @Test
+    // KI-69  @Test
     public void getRememberedPrincipalsDecryptionError() {
         HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
         WebUtils.bind(mockRequest);



Mime
View raw message