Startsida Utforska Hjälp
Registrera dig Logga in
github
/
spring-security
spegling av https://github.com/spring-projects/spring-security
2
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

Fix for SEC-111. Added a try/finally block to make sure context is always reset after the invocation.

Luke Taylor 20 år sedan
förälder
58922e666a
incheckning
7847af2664
2 ändrade filer med 32 tillägg och 7 borttagningar
Delad Vy Visa Diff Statistik
  1. 10 7
      core/src/main/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocation.java
  2. 22 0
      core/src/test/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocationTests.java

+ 10 - 7
core/src/main/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocation.java
Visa fil 

@@ -117,15 +117,18 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
 
                 + securityContext);
 
         }
 
 
-        Object result = super.invoke(targetObject);
 
+        try {
 
 
-        SecurityContextHolder.setContext(new SecurityContextImpl());
 
+            return super.invoke(targetObject);
 
 
-        if (logger.isDebugEnabled()) {
 
-            logger.debug(
 
-                "Set SecurityContext to new instance of SecurityContextImpl");
 
-        }
 
+        } finally {
 
 
-        return result;
 
+            SecurityContextHolder.setContext(new SecurityContextImpl());
 
+
 
+            if (logger.isDebugEnabled()) {
 
+                logger.debug(
 
+                    "Set SecurityContext to new instance of SecurityContextImpl");
 
+            }
 
+        }
 
     }
 
 }

+ 22 - 0
core/src/test/java/org/acegisecurity/context/rmi/ContextPropagatingRemoteInvocationTests.java
Visa fil 

@@ -85,6 +85,28 @@ public class ContextPropagatingRemoteInvocationTests extends TestCase {
 
             remoteInvocation.invoke(new TargetObject()));
 
     }
 
 
+    public void testContextIsResetEvenIfExceptionOccurs() throws Exception {
 
+        // Setup client-side context
 
+        Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("marissa",
 
+                "koala");
 
+        SecurityContextHolder.getContext().setAuthentication(clientSideAuthentication);
 
+
 
+        ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
 
+
 
+        try {
 
+            // Set up the wrong arguments.
 
+            remoteInvocation.setArguments(new Object[] {});
 
+            remoteInvocation.invoke(TargetObject.class.newInstance());
 
+            fail("Expected IllegalArgumentException");
 
+        } catch(IllegalArgumentException e) {
 
+            // expected
 
+        }
 
+
 
+        assertNull("Authentication must be null ", SecurityContextHolder.getContext().getAuthentication());
 
+
 
+    }
 
+
 
+
 
     private ContextPropagatingRemoteInvocation getRemoteInvocation()
 
         throws Exception {
 
         Class clazz = TargetObject.class;