[jboss-cvs] JBossAS SVN: r65632 - in branches: Branch_4_0/tomcat/src/resources and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 26 16:10:04 EDT 2007
Author: mmoyses
Date: 2007-09-26 16:10:04 -0400 (Wed, 26 Sep 2007)
New Revision: 65632
Modified:
branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
branches/Branch_4_0/tomcat/src/resources/web.xml
branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
branches/Branch_4_2/tomcat/src/resources/web.xml
Log:
Created filter to add the principal to the http session, so it can be retrieved when the session expires.
Fix for JBAS-4752.
Modified: branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
===================================================================
--- branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java 2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java 2007-09-26 20:10:04 UTC (rev 65632)
@@ -55,6 +55,8 @@
private String securityDomain = null;
+ private static final String JBOSS_PRINCIPAL = "org.jboss.web.tomcat.security.principal";
+
/**
*
* Create a new SecurityFlushSessionListener.
@@ -82,6 +84,12 @@
if(securityDomain == null)
log.debug("Unable to obtain SecurityDomain");
Principal principal = getPrincipal(subject);
+ if(principal == null)
+ {
+ if(trace)
+ log.trace("Searching for principal in the session");
+ principal = (Principal) httpSessionEvent.getSession().getAttribute(JBOSS_PRINCIPAL);
+ }
if(principal != null && securityDomain != null)
flushAuthenticationCache(principal);
}catch(Exception e)
Modified: branches/Branch_4_0/tomcat/src/resources/web.xml
===================================================================
--- branches/Branch_4_0/tomcat/src/resources/web.xml 2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_0/tomcat/src/resources/web.xml 2007-09-26 20:10:04 UTC (rev 65632)
@@ -28,7 +28,22 @@
<filter-name>CommonHeadersFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+
+ <!-- JBAS-4752: This filter should be enabled when authentication cache -->
+ <!-- must be flushed as soon as the http sessions expire. -->
+
+ <!--
+ <filter>
+ <filter-name>PrincipalSessionAttributeFilter</filter-name>
+ <filter-class>org.jboss.web.tomcat.security.PrincipalSessionAttributeFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>PrincipalSessionAttributeFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ -->
+
<!-- ================== Common Listener Configuration ==================== -->
<listener>
<listener-class>org.jboss.web.tomcat.security.SecurityFlushSessionListener</listener-class>
Modified: branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java
===================================================================
--- branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java 2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/SecurityFlushSessionListener.java 2007-09-26 20:10:04 UTC (rev 65632)
@@ -55,6 +55,8 @@
private String securityDomain = null;
+ private static final String JBOSS_PRINCIPAL = "org.jboss.web.tomcat.security.principal";
+
/**
*
* Create a new SecurityFlushSessionListener.
@@ -82,6 +84,12 @@
if(securityDomain == null)
log.debug("Unable to obtain SecurityDomain");
Principal principal = getPrincipal(subject);
+ if(principal == null)
+ {
+ if(trace)
+ log.trace("Searching for principal in the session");
+ principal = (Principal) httpSessionEvent.getSession().getAttribute(JBOSS_PRINCIPAL);
+ }
if(principal != null && securityDomain != null)
flushAuthenticationCache(principal);
}catch(Exception e)
Modified: branches/Branch_4_2/tomcat/src/resources/web.xml
===================================================================
--- branches/Branch_4_2/tomcat/src/resources/web.xml 2007-09-26 20:02:54 UTC (rev 65631)
+++ branches/Branch_4_2/tomcat/src/resources/web.xml 2007-09-26 20:10:04 UTC (rev 65632)
@@ -36,7 +36,22 @@
<filter-name>CommonHeadersFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+
+ <!-- JBAS-4752: This filter should be enabled when authentication cache -->
+ <!-- must be flushed as soon as the http sessions expire. -->
+
+ <!--
+ <filter>
+ <filter-name>PrincipalSessionAttributeFilter</filter-name>
+ <filter-class>org.jboss.web.tomcat.security.PrincipalSessionAttributeFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>PrincipalSessionAttributeFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ -->
+
<!-- ================== Common Listener Configuration ==================== -->
<listener>
<listener-class>org.jboss.web.tomcat.security.SecurityFlushSessionListener</listener-class>
More information about the jboss-cvs-commits
mailing list