GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1147: Remove use of SessionRegistryUtils. Inlined the methods.

3.0.x
Luke Taylor 17 years ago
parent
8c94e39150
commit
4bc788828c
4 changed files with 18 additions and 73 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      core/src/main/java/org/springframework/security/authentication/concurrent/ConcurrentSessionControllerImpl.java
  2. 1
      core/src/main/java/org/springframework/security/authentication/concurrent/SessionRegistryImpl.java
  3. 60
      core/src/main/java/org/springframework/security/authentication/concurrent/SessionRegistryUtils.java
  4. 7
      web/src/main/java/org/springframework/security/web/util/SessionUtils.java

23
core/src/main/java/org/springframework/security/authentication/concurrent/ConcurrentSessionControllerImpl.java
Unescape View File

@ -88,10 +88,9 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException { public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException {
Assert.notNull(request, "Authentication request cannot be null (violation of interface contract)"); Assert.notNull(request, "Authentication request cannot be null (violation of interface contract)");
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(request); String sessionId = obtainSessionId(request);
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(request);
final List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false); final List<SessionInformation> sessions = sessionRegistry.getAllSessions(request.getPrincipal(), false);
int sessionCount = sessions == null ? 0 : sessions.size(); int sessionCount = sessions == null ? 0 : sessions.size();
@ -137,10 +136,7 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
public void registerSuccessfulAuthentication(Authentication authentication) { public void registerSuccessfulAuthentication(Authentication authentication) {
Assert.notNull(authentication, "Authentication cannot be null (violation of interface contract)"); Assert.notNull(authentication, "Authentication cannot be null (violation of interface contract)");
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication); sessionRegistry.registerNewSession(obtainSessionId(authentication), authentication.getPrincipal());
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
sessionRegistry.registerNewSession(sessionId, principal);
} }
public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded) { public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded) {
@ -162,4 +158,17 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
public SessionRegistry getSessionRegistry() { public SessionRegistry getSessionRegistry() {
return sessionRegistry; return sessionRegistry;
} }
private String obtainSessionId(Authentication auth) {
if (auth.getDetails() == null || !(auth.getDetails() instanceof SessionIdentifierAware)) {
throw new IllegalArgumentException("The 'details' property of the supplied Authentication " +
"object must be set and must implement 'SessionIdentifierAware', but Authentication.getDetails() " +
"returned " + auth.getDetails());
}
String sessionId = ((SessionIdentifierAware) auth.getDetails()).getSessionId();
Assert.hasText(sessionId, "SessionIdentifierAware did not return a Session ID (" + auth.getDetails() + ")");
return sessionId;
}
} }

1
core/src/main/java/org/springframework/security/authentication/concurrent/SessionRegistryImpl.java
Unescape View File

@ -39,7 +39,6 @@ import org.springframework.util.Assert;
* <p> * <p>
* NB: It is important that you register the {@link org.springframework.security.web.session.HttpSessionEventPublisher} in * NB: It is important that you register the {@link org.springframework.security.web.session.HttpSessionEventPublisher} in
* <code>web.xml</code> so that this class is notified of sessions that expire. * <code>web.xml</code> so that this class is notified of sessions that expire.
* </p>
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$

60
core/src/main/java/org/springframework/security/authentication/concurrent/SessionRegistryUtils.java
Unescape View File

@ -1,60 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.authentication.concurrent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
/**
* Utility methods to assist with concurrent session management.
*
* @author Ben Alex
* @version $Id$
*/
public final class SessionRegistryUtils {
//~ Constructors ===================================================================================================
private SessionRegistryUtils() {
}
//~ Methods ========================================================================================================
public static Object obtainPrincipalFromAuthentication(Authentication auth) {
Assert.notNull(auth, "Authentication required");
Assert.notNull(auth.getPrincipal(), "Authentication.getPrincipal() required");
if (auth.getPrincipal() instanceof UserDetails) {
return ((UserDetails) auth.getPrincipal()).getUsername();
} else {
return auth.getPrincipal();
}
}
public static String obtainSessionIdFromAuthentication(Authentication auth) {
Assert.notNull(auth, "Authentication required");
Assert.notNull(auth.getDetails(), "Authentication.getDetails() required");
Assert.isInstanceOf(SessionIdentifierAware.class, auth.getDetails());
String sessionId = ((SessionIdentifierAware) auth.getDetails()).getSessionId();
Assert.hasText(sessionId, "SessionIdentifierAware did not return a Session ID (" + auth.getDetails() + ")");
return sessionId;
}
}

7
web/src/main/java/org/springframework/security/web/util/SessionUtils.java
Unescape View File

@ -10,7 +10,6 @@ import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.concurrent.SessionRegistry; import org.springframework.security.authentication.concurrent.SessionRegistry;
import org.springframework.security.authentication.concurrent.SessionRegistryUtils;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
/** /**
@ -67,10 +66,8 @@ public final class SessionUtils {
if (sessionRegistry != null) { if (sessionRegistry != null) {
sessionRegistry.removeSessionInformation(originalSessionId); sessionRegistry.removeSessionInformation(originalSessionId);
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication( sessionRegistry.registerNewSession(session.getId(),
SecurityContextHolder.getContext().getAuthentication()); SecurityContextHolder.getContext().getAuthentication().getPrincipal());
sessionRegistry.registerNewSession(session.getId(), principal);
} }
} }
} }

Write Preview
Loading…
Cancel
Save