Resolve a Weblogic compatibility issue (patch thanks to Patrick Burleson).

changelog.txt

@@ -12,6 +12,7 @@ Changes in version 0.6 (2004-xx-xx)
 * Improved test coverage (now 98.3%)
 * Fixed Linux compatibility issues (directory case sensitivity etc)
 * Fixed AbstractProcessingFilter to handle servlet spec container differences
+* Fixed AbstractIntegrationFilter to resolve a Weblogic compatibility issue
 * Fixed CasAuthenticationToken if proxy granting ticket callback not requested
 * Documentation improvements
 

contributors.txt

@@ -20,4 +20,11 @@ contributions to the Acegi Security System for Spring project:
   public automated Maven build at the Monkey Machine
   (http://www.monkeymachine.co.uk/acegi).
 
+* Patrick Burleson contributed a patch for Weblogic support.
+
+* Anyone else I've forgotten (please let me know so I can correct this).
+
+Plus of course all the people who use the project and provide feedback, bug
+reports, suggestions and help fellow users.
+
 $Id$

core/src/main/java/org/acegisecurity/ui/AbstractIntegrationFilter.java

@@ -67,8 +67,14 @@ import javax.servlet.ServletResponse;
  * SecureContext}, one will be created. The created object will be of the
  * instance defined by the {@link #setSecureContext(Class)} method.
  * </p>
+ * 
+ * <P>
+ * This filter will only execute once per request, to resolve servlet container
+ * (specifically Weblogic) incompatibilities.
+ * </p>
  *
  * @author Ben Alex
+ * @author Patrick Burleson
  * @version $Id$
  */
 public abstract class AbstractIntegrationFilter implements InitializingBean,
@@ -76,6 +82,7 @@ public abstract class AbstractIntegrationFilter implements InitializingBean,
     //~ Static fields/initializers =============================================
 
     protected static final Log logger = LogFactory.getLog(AbstractIntegrationFilter.class);
+    private static final String FILTER_APPLIED = "__acegi_integration_fitlerapplied";
 
     //~ Instance fields ========================================================
 
@@ -114,68 +121,78 @@ public abstract class AbstractIntegrationFilter implements InitializingBean,
 
     public void doFilter(ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {
-        // Populate authentication information
-        Object extracted = this.extractFromContainer(request);
-
-        if (extracted instanceof Authentication) {
-            if (logger.isDebugEnabled()) {
-                logger.debug(
-                    "Authentication added to ContextHolder from container");
+        if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
+            // ensure that filter is only applied once per request
+            chain.doFilter(request, response);
+        } else {
+            if (request != null) {
+                request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
             }
 
-            Authentication auth = (Authentication) extracted;
+            // Populate authentication information
+            Object extracted = this.extractFromContainer(request);
 
-            // Get or create existing SecureContext
-            SecureContext sc = null;
+            if (extracted instanceof Authentication) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "Authentication added to ContextHolder from container");
+                }
 
-            if ((ContextHolder.getContext() == null)
-                || !(ContextHolder.getContext() instanceof SecureContext)) {
-                try {
-                    sc = (SecureContext) this.secureContext.newInstance();
-                } catch (InstantiationException ie) {
-                    throw new ServletException(ie);
-                } catch (IllegalAccessException iae) {
-                    throw new ServletException(iae);
+                Authentication auth = (Authentication) extracted;
+
+                // Get or create existing SecureContext
+                SecureContext sc = null;
+
+                if ((ContextHolder.getContext() == null)
+                    || !(ContextHolder.getContext() instanceof SecureContext)) {
+                    try {
+                        sc = (SecureContext) this.secureContext.newInstance();
+                    } catch (InstantiationException ie) {
+                        throw new ServletException(ie);
+                    } catch (IllegalAccessException iae) {
+                        throw new ServletException(iae);
+                    }
+                } else {
+                    sc = (SecureContext) ContextHolder.getContext();
                 }
-            } else {
-                sc = (SecureContext) ContextHolder.getContext();
-            }
 
-            // Add Authentication to SecureContext, and save
-            sc.setAuthentication(auth);
-            ContextHolder.setContext((Context) sc);
-        } else {
-            if (logger.isDebugEnabled()) {
-                logger.debug(
-                    "Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)");
+                // Add Authentication to SecureContext, and save
+                sc.setAuthentication(auth);
+                ContextHolder.setContext((Context) sc);
+            } else {
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)");
+                }
             }
-        }
 
-        // Proceed with chain
-        chain.doFilter(request, response);
+            // Proceed with chain
+            chain.doFilter(request, response);
 
-        // Remove authentication information
-        if ((ContextHolder.getContext() != null)
-            && ContextHolder.getContext() instanceof SecureContext) {
-            if (logger.isDebugEnabled()) {
-                logger.debug(
-                    "Updating container with new Authentication object, and then removing Authentication from ContextHolder");
-            }
+            // Remove authentication information
+            if ((ContextHolder.getContext() != null)
+                && ContextHolder.getContext() instanceof SecureContext) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "Updating container with new Authentication object, and then removing Authentication from ContextHolder");
+                }
 
-            // Get context holder
-            SecureContext secureContext = (SecureContext) ContextHolder
-                .getContext();
+                // Get context holder
+                SecureContext secureContext = (SecureContext) ContextHolder
+                    .getContext();
 
-            // Update container with new Authentication object (may have been updated during method invocation)
-            this.commitToContainer(request, secureContext.getAuthentication());
+                // Update container with new Authentication object (may have been updated during method invocation)
+                this.commitToContainer(request,
+                    secureContext.getAuthentication());
 
-            // Remove authentication information from ContextHolder
-            secureContext.setAuthentication(null);
-            ContextHolder.setContext((Context) secureContext);
-        } else {
-            if (logger.isDebugEnabled()) {
-                logger.debug(
-                    "ContextHolder does not contain any authentication information");
+                // Remove authentication information from ContextHolder
+                secureContext.setAuthentication(null);
+                ContextHolder.setContext((Context) secureContext);
+            } else {
+                if (logger.isDebugEnabled()) {
+                    logger.debug(
+                        "ContextHolder does not contain any authentication information");
+                }
             }
         }
     }