Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-539: Refactored populateSecurityContextFromSession() to reduce nested blocks and clarify logic.

Luke Taylor 18 years ago
parent
27ef2caf45
commit
ba88214d1d
1 changed files with 58 additions and 48 deletions
Unified View Show Diff Stats
  1. 58 48
      core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java

+ 58 - 48
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
View File 

@@ -246,63 +246,73 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 
 
 
     /**
 
     /**
 
      * Extracts the security context from the session (if available) and sets it on SecurityContextHolder.
 
      * Extracts the security context from the session (if available) and sets it on SecurityContextHolder.
 
+     * <p/>
 
+     * If the session is null, the context object is null or the context object stored in the session
 
+     * is not an instance of SecurityContext it will generate a new empty context and store this.
 
      *
 
      *
 
      * @param httpSession the session obtained from the request.
 
      * @param httpSession the session obtained from the request.
 
      */
 
      */
 
     private void populateSecurityContextFromSession(HttpSession httpSession) throws ServletException {
 
     private void populateSecurityContextFromSession(HttpSession httpSession) throws ServletException {
 
-        if (httpSession != null) {
 
-
 
-            Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
 
-
 
-            if (contextFromSessionObject != null) {
 
-                // Clone if required (see SEC-356)
 
-                if (cloneFromHttpSession) {
 
-                    Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
 
-                            "Context must implement Clonable and provide a Object.clone() method");
 
-                    try {
 
-                        Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[]{});
 
-                        if (!m.isAccessible()) {
 
-                            m.setAccessible(true);
 
-                        }
 
-                        contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[]{});
 
-                    }
 
-                    catch (Exception ex) {
 
-                        ReflectionUtils.handleReflectionException(ex);
 
-                    }
 
-                }
 
+        if (httpSession == null) {
 
+            if (logger.isDebugEnabled()) {
 
+                logger.debug("No HttpSession currently exists - new SecurityContext instance "
 
+                        + "associated with SecurityContextHolder");
 
+            }
 
 
 
-                if (contextFromSessionObject instanceof SecurityContext) {
 
-                    if (logger.isDebugEnabled()) {
 
-                        logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
 
-                                + "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
 
-                    }
 
-
 
-                    SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
 
-                } else {
 
-                    if (logger.isWarnEnabled()) {
 
-                        logger
 
-                                .warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
 
-                                        + contextFromSessionObject
 
-                                        + "'; are you improperly modifying the HttpSession directly "
 
-                                        + "(you should always use SecurityContextHolder) or using the HttpSession attribute "
 
-                                        + "reserved for this class? - new SecurityContext instance associated with "
 
-                                        + "SecurityContextHolder");
 
-                    }
 
-
 
-                    SecurityContextHolder.setContext(generateNewContext());
 
-                }
 
-            } else {
 
-                if (logger.isDebugEnabled()) {
 
-                    logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
 
-                            + "SecurityContext instance associated with SecurityContextHolder");
 
+            SecurityContextHolder.setContext(generateNewContext());
 
+
 
+            return;
 
+        }
 
+
 
+        // Session exists, so try to obtain a context from it.
 
+
 
+        Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
 
+
 
+        if (contextFromSessionObject == null) {
 
+            if (logger.isDebugEnabled()) {
 
+                logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new "
 
+                        + "SecurityContext instance associated with SecurityContextHolder");
 
+            }
 
+
 
+            SecurityContextHolder.setContext(generateNewContext());
 
+
 
+            return;
 
+        }
 
+
 
+        // We now have the security context object from the session.
 
+
 
+        // Clone if required (see SEC-356)
 
+        if (cloneFromHttpSession) {
 
+            Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
 
+                    "Context must implement Clonable and provide a Object.clone() method");
 
+            try {
 
+                Method m = contextFromSessionObject.getClass().getMethod("clone", new Class[]{});
 
+                if (!m.isAccessible()) {
 
+                    m.setAccessible(true);
 
                 }
 
                 }
 
+                contextFromSessionObject = m.invoke(contextFromSessionObject, new Object[]{});
 
+            }
 
+            catch (Exception ex) {
 
+                ReflectionUtils.handleReflectionException(ex);
 
+            }
 
+        }
 
 
 
-                SecurityContextHolder.setContext(generateNewContext());
 
+        if (contextFromSessionObject instanceof SecurityContext) {
 
+            if (logger.isDebugEnabled()) {
 
+                logger.debug("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and "
 
+                        + "set to SecurityContextHolder: '" + contextFromSessionObject + "'");
 
             }
 
             }
 
+
 
+            SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
 
         } else {
 
         } else {
 
-            if (logger.isDebugEnabled()) {
 
-                logger.debug("No HttpSession currently exists - new SecurityContext instance "
 
-                        + "associated with SecurityContextHolder");
 
+            if (logger.isWarnEnabled()) {
 
+                logger
 
+                        .warn("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
 
+                                + contextFromSessionObject
 
+                                + "'; are you improperly modifying the HttpSession directly "
 
+                                + "(you should always use SecurityContextHolder) or using the HttpSession attribute "
 
+                                + "reserved for this class? - new SecurityContext instance associated with "
 
+                                + "SecurityContextHolder");
 
             }
 
             }
 
 
 
             SecurityContextHolder.setContext(generateNewContext());
 
             SecurityContextHolder.setContext(generateNewContext());