[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security/filter ...
Shane Bryzak
Shane_Bryzak at symantec.com
Fri Aug 4 21:57:54 EDT 2006
User: sbryzak2
Date: 06/08/04 21:57:54
Modified: src/main/org/jboss/seam/security/filter
SeamSecurityFilter.java
Log:
Security stuff
Revision Changes Path
1.8 +57 -57 jboss-seam/src/main/org/jboss/seam/security/filter/SeamSecurityFilter.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityFilter.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/filter/SeamSecurityFilter.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- SeamSecurityFilter.java 3 Aug 2006 03:59:47 -0000 1.7
+++ SeamSecurityFilter.java 5 Aug 2006 01:57:54 -0000 1.8
@@ -3,7 +3,6 @@
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
-
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -20,10 +19,10 @@
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.ContextAdaptor;
-import org.jboss.seam.contexts.WebApplicationContext;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.contexts.WebSessionContext;
import org.jboss.seam.security.Authentication;
-import org.jboss.seam.security.AuthenticationContext;
import org.jboss.seam.security.AuthenticationException;
import org.jboss.seam.security.authenticator.Authenticator;
import org.jboss.seam.security.config.SecurityConfig;
@@ -41,30 +40,29 @@
// private static final String CONFIG_RESOURCE = "/WEB-INF/seam-security.xml";
- private AuthenticationContext authContext;
- private Authenticator authenticator;
-
public void init(FilterConfig config)
throws ServletException
{
servletContext = config.getServletContext();
- Context appContext = new WebApplicationContext(servletContext);
- SecurityConfig.instance().setApplicationContext(appContext);
-
- authContext = (AuthenticationContext) appContext.get(
- "org.jboss.seam.security.AuthenticationContext");
+// try
+// {
+ /** @todo beginInitialization is the closest method we have to initialise the application context */
+// Lifecycle.beginInitialization(servletContext);
- authenticator = (Authenticator) appContext.get(
- "org.jboss.seam.security.Authenticator");
+// SecurityConfig.instance().setApplicationContext(
+// Contexts.getApplicationContext());
- if (authenticator == null)
- throw new ServletException("No Authenticator configured.");
+// if (Authenticator.instance() == null)
+// throw new ServletException("No Authenticator configured.");
+// }
+// finally
+// {
+ /** @todo clear the application context */
+// }
// try
// {
-// Lifecycle.setServletContext(servletContext);
-// Lifecycle.beginCall();
// SecurityConfig.instance().setServletContext(servletContext);
// SecurityConfig.instance().loadConfig(new SecurityConfigFileLoader(
// servletContext.getResourceAsStream(CONFIG_RESOURCE), servletContext));
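Review bot: init() no longer fails fast when no authenticator is configured: the `if (authenticator == null) throw new ServletException("No Authenticator configured.");` check now exists only as commented-out code, so a deployment without an authenticator starts up with no signal. Until the application context can be initialised here, I would log a warning through the class's existing logger (LogFactory is imported, though the field is not visible in this hunk) saying that the authenticator check is disabled. The header comment on the method should also state that the filter currently performs no configuration validation. init()'s body continues past the end of this hunk.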
@@ -78,10 +76,6 @@
// {
// throw new ServletException(ex);
// }
-// finally
-// {
-// Lifecycle.endCall();
-// }
}
public void doFilter(ServletRequest request, ServletResponse response,
@@ -90,34 +84,35 @@
{
HttpServletRequest hRequest = (HttpServletRequest) request;
- Context sessionContext = new WebSessionContext(
- ContextAdaptor.getSession(hRequest.getSession()));
+// Context sessionContext = new WebSessionContext(
+// ContextAdaptor.getSession(hRequest.getSession()));
+//
+// Authentication authentication = (Authentication)sessionContext.get(
+// "org.jboss.seam.security.Authentication");
- Authentication authentication = (Authentication)sessionContext.get(
- "org.jboss.seam.security.Authentication");
-
- LoginContext lc = null;
- try
- {
- if (authentication != null)
- {
- authContext.setAuthentication(authenticator.authenticate(authentication));
- CallbackHandler handler = new UsernamePasswordHandler(
- authentication.getPrincipal().toString(),
- authentication.getCredentials());
- try
- {
- lc = new LoginContext("client-login", handler);
- lc.login();
- }
- catch (LoginException ex)
- {
- ex.printStackTrace();
- }
-
- }
- }
- catch (AuthenticationException ex) { }
+// LoginContext lc = null;
+// try
+// {
+// Lifecycle.beginInitialization(servletContext);
+//
+// if (authentication != null)
+// {
+// AuthenticationContext.instance().setAuthentication(Authenticator.instance().authenticate(authentication));
+// CallbackHandler handler = new UsernamePasswordHandler(
+// authentication.getPrincipal().toString(),
+// authentication.getCredentials());
+// try
+// {
+// lc = new LoginContext("client-login", handler);
+// lc.login();
+// }
+// catch (LoginException ex)
+// {
+// ex.printStackTrace();
+// }
+// }
+// }
+// catch (AuthenticationException ex) { }
try
{
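Review bot: With the whole authentication block in doFilter commented out, the filter no longer calls `authenticate(authentication)` on the session's Authentication and no longer performs the JAAS `client-login`, so on the lines shown the request continues without this filter establishing or verifying an identity. The try block that follows starts at the end of the hunk and its body is not visible, so I cannot tell whether a later check still enforces access. If nothing does, this interim state should fail closed or at least be logged rather than pass through silently. When the block is restored, the empty `catch (AuthenticationException ex) { }` should not come back as is; a failed authentication should be logged and handled explicitly, and `ex.printStackTrace()` should go through the class logger. The imports for CallbackHandler, LoginContext, LoginException, WebSessionContext and ContextAdaptor look unused after this change unless code outside the hunks still uses them.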
@@ -150,16 +145,21 @@
}
finally
{
- authContext.setAuthentication(null);
+ // Have to set the application context again because it's probably null
+// Lifecycle.beginInitialization(servletContext);
- if (lc != null)
- {
- try
- {
- lc.logout();
- }
- catch (LoginException ex){ }
- }
+// AuthenticationContext.instance().setAuthentication(null);
+
+// if (lc != null)
+// {
+// try
+// {
+// lc.logout();
+// }
+// catch (LoginException ex){ }
+// }
+
+ /** @todo Clear the application context somewhere here */
}
}
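Review bot: The live comment `// Have to set the application context again because it's probably null` now describes a statement that is itself commented out, so the comment should be disabled along with the code or reworded as a TODO. The `/** @todo ... */` markers here and in the init() hunk use Javadoc syntax inside a method body, where the javadoc tool does not read them; a plain `// TODO: clear the application context` is the usual form. When the login code in doFilter is re-enabled, the `setAuthentication(null)` and `lc.logout()` cleanup in this finally block must be restored in the same change. Otherwise one request's authentication could stay set after the request completes, though that depends on how AuthenticationContext stores its state, which is not visible here. The enclosing doFilter method starts outside this hunk.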