[jboss-cvs] JBossAS SVN: r65632 - in branches: Branch_4_0/tomcat/src/resources and 2 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Sep 26 16:10:04 EDT 2007


Author: mmoyses
Date: 2007-09-26 16:10:04 -0400 (Wed, 26 Sep 2007)
New Revision: 65632

Modified:
   branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
   branches/Branch_4_0/tomcat/src/resources/web.xml
   branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
   branches/Branch_4_2/tomcat/src/resources/web.xml
Log:
Created filter to add the principal to the http session, so it can be retrieved when the session expires.
Fix for JBAS-4752.

Modified: branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
===================================================================
--- branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java	2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java	2007-09-26 20:10:04 UTC (rev 65632)
@@ -55,6 +55,8 @@
    
    private String securityDomain = null; 
    
+   private static final String JBOSS_PRINCIPAL = "org.jboss.web.tomcat.security.principal";
+   
    /**
     * 
     * Create a new SecurityFlushSessionListener.
@@ -82,6 +84,12 @@
          if(securityDomain == null) 
             log.debug("Unable to obtain SecurityDomain"); 
          Principal principal = getPrincipal(subject);
+         if(principal == null)
+         {
+        	 if(trace)
+        		 log.trace("Searching for principal in the session");
+        	 principal = (Principal) httpSessionEvent.getSession().getAttribute(JBOSS_PRINCIPAL);
+         }
          if(principal != null && securityDomain != null)
             flushAuthenticationCache(principal);
       }catch(Exception e)
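Review bot: The session fallback casts whatever is stored under `JBOSS_PRINCIPAL` straight to `Principal`, and a session attribute can be set by any code running in the web application. The cache entry that gets flushed is therefore chosen by an application-writable value, and a non-Principal object there only surfaces as a ClassCastException in the broad `catch(Exception e)` that follows. A type check keeps the failure explicit: `Object attr = httpSessionEvent.getSession().getAttribute(JBOSS_PRINCIPAL);` followed by `if(attr instanceof Principal) principal = (Principal) attr;`. A short comment on the fallback should also say that the attribute is only expected to be present when PrincipalSessionAttributeFilter is enabled in web.xml. The same lines appear in the Branch_4_2 hunk of this file, and the enclosing method starts and ends outside the hunk.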

Modified: branches/Branch_4_0/tomcat/src/resources/web.xml
===================================================================
--- branches/Branch_4_0/tomcat/src/resources/web.xml	2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_0/tomcat/src/resources/web.xml	2007-09-26 20:10:04 UTC (rev 65632)
@@ -28,7 +28,22 @@
       <filter-name>CommonHeadersFilter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
+   
+   <!-- JBAS-4752: This filter should be enabled when authentication cache   -->
+   <!-- must be flushed as soon as the http sessions expire.                 -->
+   
+   <!--
+   <filter>
+      <filter-name>PrincipalSessionAttributeFilter</filter-name>
+      <filter-class>org.jboss.web.tomcat.security.PrincipalSessionAttributeFilter</filter-class>
+   </filter>
 
+   <filter-mapping>
+      <filter-name>PrincipalSessionAttributeFilter</filter-name>
+      <url-pattern>/*</url-pattern>
+   </filter-mapping>
+   -->
+
    <!-- ================== Common Listener Configuration ==================== -->
    <listener>
       <listener-class>org.jboss.web.tomcat.security.SecurityFlushSessionListener</listener-class>
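Review bot: The comment above the commented-out filter says when to enable it but not what the disabled default costs or what enabling it does. With the filter off, the listener's new session lookup has nothing to read, so on session expiry the authentication cache entry presumably stays until the cache's own timeout. I would extend the comment along the lines of `<!-- Disabled by default; when enabled, the authenticated principal is stored as a session attribute for requests matching /* so SecurityFlushSessionListener can flush the cache on expiry. -->`. The filter class is not shown on this page, so the wording should be checked against it, including whether the stored principal must be serializable for replicated sessions. The Branch_4_2 web.xml hunk is identical and needs the same comment.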

Modified: branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
===================================================================
--- branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java	2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java	2007-09-26 20:10:04 UTC (rev 65632)
@@ -55,6 +55,8 @@
    
    private String securityDomain = null; 
    
+   private static final String JBOSS_PRINCIPAL = "org.jboss.web.tomcat.security.principal";
+   
    /**
     * 
     * Create a new SecurityFlushSessionListener.
@@ -82,6 +84,12 @@
          if(securityDomain == null) 
             log.debug("Unable to obtain SecurityDomain"); 
          Principal principal = getPrincipal(subject);
+         if(principal == null)
+         {
+        	 if(trace)
+        		 log.trace("Searching for principal in the session");
+        	 principal = (Principal) httpSessionEvent.getSession().getAttribute(JBOSS_PRINCIPAL);
+         }
          if(principal != null && securityDomain != null)
             flushAuthenticationCache(principal);
       }catch(Exception e)

Modified: branches/Branch_4_2/tomcat/src/resources/web.xml
===================================================================
--- branches/Branch_4_2/tomcat/src/resources/web.xml	2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_2/tomcat/src/resources/web.xml	2007-09-26 20:10:04 UTC (rev 65632)
@@ -36,7 +36,22 @@
       <filter-name>CommonHeadersFilter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>
+   
+   <!-- JBAS-4752: This filter should be enabled when authentication cache   -->
+   <!-- must be flushed as soon as the http sessions expire.                 -->
+   
+   <!--
+   <filter>
+      <filter-name>PrincipalSessionAttributeFilter</filter-name>
+      <filter-class>org.jboss.web.tomcat.security.PrincipalSessionAttributeFilter</filter-class>
+   </filter>
 
+   <filter-mapping>
+      <filter-name>PrincipalSessionAttributeFilter</filter-name>
+      <url-pattern>/*</url-pattern>
+   </filter-mapping>
+   -->
+
    <!-- ================== Common Listener Configuration ==================== -->
    <listener>
       <listener-class>org.jboss.web.tomcat.security.SecurityFlushSessionListener</listener-class>



