renamed WebUtils getServletRequest and getServletResponse to getRequiredServletRequest and getRequiredServletResponse respectively, and updated where those methods were being called.
git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711071 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/org/jsecurity/web/DefaultWebSecurityManager.java b/src/org/jsecurity/web/DefaultWebSecurityManager.java
index 440923e..443f19d 100644
--- a/src/org/jsecurity/web/DefaultWebSecurityManager.java
+++ b/src/org/jsecurity/web/DefaultWebSecurityManager.java
@@ -45,7 +45,7 @@
*/
public class DefaultWebSecurityManager extends DefaultSecurityManager {
- private static final Log log = LogFactory.getLog(DefaultWebSecurityManager.class);
+ private static final Log log = LogFactory.getLog(DefaultWebSecurityManager.class);
public static final String HTTP_SESSION_MODE = "http";
public static final String JSECURITY_SESSION_MODE = "jsecurity";
@@ -197,8 +197,8 @@
}
public Subject createSubject() {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
return createSubject(request, response);
}
@@ -230,8 +230,8 @@
protected void bind(Subject subject) {
super.bind(subject);
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
bind(subject, request, response);
}
diff --git a/src/org/jsecurity/web/WebRememberMeManager.java b/src/org/jsecurity/web/WebRememberMeManager.java
index b6af3dd..79bf92a 100644
--- a/src/org/jsecurity/web/WebRememberMeManager.java
+++ b/src/org/jsecurity/web/WebRememberMeManager.java
@@ -193,16 +193,16 @@
}
protected void rememberSerializedIdentity(byte[] serialized) {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
//base 64 encode it and store as a cookie:
String base64 = Base64.encodeToString(serialized);
getIdentityAttribute().storeValue(base64, request, response);
}
protected byte[] getSerializedRememberedIdentity() {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
String base64 = getIdentityAttribute().retrieveValue(request, response);
if (base64 != null) {
return Base64.decode(base64);
@@ -213,8 +213,8 @@
}
protected void forgetIdentity() {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
getIdentityAttribute().removeValue(request, response);
}
}
diff --git a/src/org/jsecurity/web/WebUtils.java b/src/org/jsecurity/web/WebUtils.java
index a9b01ca..0332988 100644
--- a/src/org/jsecurity/web/WebUtils.java
+++ b/src/org/jsecurity/web/WebUtils.java
@@ -55,17 +55,19 @@
/**
- * Message displayed when a servlet request or response is not bound to the current thread context.
+ * Message displayed when a servlet request or response is not bound to the current thread context when expected.
*/
private static final String NOT_BOUND_ERROR_MESSAGE =
"Make sure WebUtils.bind() is being called. (typically called by JSecurityFilter) " +
- "This could also happen when running integration tests that don't properly call WebUtils.bind().";
-
+ "This could also happen when running integration tests that don't properly call WebUtils.bind().";
public static final String SERVLET_REQUEST_KEY = ServletRequest.class.getName() + "_JSECURITY_THREAD_CONTEXT_KEY";
public static final String SERVLET_RESPONSE_KEY = ServletResponse.class.getName() + "_JSECURITY_THREAD_CONTEXT_KEY";
- // Key used to save a request and later restore it (e.g. when redirecting to a requested page after login)
+ /**
+ * {@link Session Session} key used to save a request and later restore it, for example when redirecting to a
+ * requested page after login, equal to <code>jsecuritySavedRequest</code>.
+ */
public static final String SAVED_REQUEST_KEY = "jsecuritySavedRequest";
@@ -212,8 +214,9 @@
/**
* Determine the encoding for the given request.
* Can be overridden in subclasses.
- * <p>The default implementation checks the request encoding,
- * falling back to the default encoding specified for this resolver.
+ * <p>The default implementation checks the request's
+ * {@link ServletRequest#getCharacterEncoding() character encoding}, and if that
+ * <code>null</code>, falls back to the {@link #DEFAULT_CHARACTER_ENCODING}.
*
* @param request current HTTP request
* @return the encoding for the request (never <code>null</code>)
@@ -234,8 +237,8 @@
* This implementation returns the InetAddress resolved from the request's
* {@link javax.servlet.ServletRequest#getRemoteHost() remoteHost} value. The returned <code>String</code>
* is resolved to an InetAddress by calling
- * {@link InetAddress#getByName(String) InetAddress.getByName(remoteHost)}. If the remote host is null or
- * <code>getByName(remoteHost)</code> throws an exception, <code>null</code> is returned.
+ * {@link InetAddress#getByName(String) InetAddress.getByName(remoteHost)}. If the remote host is <code>null</code>
+ * or <code>getByName(remoteHost)</code> throws an exception, <code>null</code> is returned.
*
* @param request the incoming ServletRequest
* @return the <code>InetAddress</code> associated with the current request, or <code>null</code> if the
@@ -300,23 +303,27 @@
}
/**
- * Convenience method that simplifies retrieval of a thread-bound ServletRequest. If there is no
- * ServletRequest bound to the thread, this method returns <tt>null</tt>. It is merely a convenient wrapper
- * for the following:
+ * Convenience method that simplifies retrieval of a required thread-bound ServletRequest. If there is no
+ * ServletRequest bound to the thread when this method is called, an <code>IllegalStateException</code> is
+ * thrown.
* <p/>
- * <code>return (ServletRequest)get( SERVLET_REQUEST_KEY );</code>
+ * This method is basically a convenient wrapper for the following:
+ * <p/>
+ * <code>(ServletRequest){@link ThreadContext#get ThreadContext.get}( SERVLET_REQUEST_KEY );</code>
+ * <p/>
+ * But throws an <code>IllegalStateException</code> if the value is not bound to the <code>ThreadContext</code>.
* <p/>
* This method only returns the bound value if it exists - it does not remove it
* from the thread. To remove it, one must call {@link #unbindServletRequest() unbindServletRequest} instead.
*
* @return the ServletRequest bound to the thread. Never returns null.
- * @throws IllegalStateException if no servlet request is bound in the thread context.
+ * @throws IllegalStateException if no servlet request is bound in the {@link ThreadContext ThreadContext}.
*/
- public static ServletRequest getServletRequest() {
+ public static ServletRequest getRequiredServletRequest() throws IllegalStateException {
ServletRequest request = (ServletRequest) ThreadContext.get(SERVLET_REQUEST_KEY);
- if( request == null ) {
- throw new IllegalStateException( "No ServletRequest found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE );
- }
+ if (request == null) {
+ throw new IllegalStateException("No ServletRequest found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE);
+ }
return request;
}
@@ -349,7 +356,8 @@
* <code>return (ServletRequest)ThreadContext.remove( SERVLET_REQUEST_KEY );</code>
* <p/>
* If you wish to just retrieve the object from the thread without removing it (so it can be retrieved later during
- * thread execution), you should use the {@link #getServletRequest() getServletRequest()} method for that purpose.
+ * thread execution), you should use the {@link #getRequiredServletRequest() getRequiredServletRequest()} method
+ * for that purpose.
*
* @return the Session object previously bound to the thread, or <tt>null</tt> if there was none bound.
*/
@@ -358,22 +366,26 @@
}
/**
- * Convenience method that simplifies retrieval of a thread-bound ServletResponse. If there is no
- * ServletResponse bound to the thread, this method returns <tt>null</tt>. It is merely a convenient wrapper
- * for the following:
+ * Convenience method that simplifies retrieval of a required thread-bound ServletResponse. If there is no
+ * ServletResponse bound to the thread when this method is called, an <code>IllegalStateException</code> is
+ * thrown.
* <p/>
- * <code>return (ServletResponse)ThreadContext.get( SERVLET_RESPONSE_KEY );</code>
+ * This method is basically a convenient wrapper for the following:
+ * <p/>
+ * <code>return (ServletResponse){@link ThreadContext#get ThreadContext.get}( SERVLET_RESPONSE_KEY );</code>
+ * <p/>
+ * But throws an <code>IllegalStateException</code> if the value is not bound to the <code>ThreadContext</code>.
* <p/>
* This method only returns the bound value if it exists - it does not remove it
* from the thread. To remove it, one must call {@link #unbindServletResponse() unbindServletResponse} instead.
*
* @return the ServletResponse bound to the thread. Never returns null.
- * @throws IllegalStateException if no servlet response is bound in the thread context.
+ * @throws IllegalStateException if no <code>ServletResponse> is bound in the {@link ThreadContext ThreadContext}
*/
- public static ServletResponse getServletResponse() {
+ public static ServletResponse getRequiredServletResponse() throws IllegalStateException {
ServletResponse response = (ServletResponse) ThreadContext.get(SERVLET_RESPONSE_KEY);
- if( response == null ) {
- throw new IllegalStateException( "No ServletResponse found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE );
+ if (response == null) {
+ throw new IllegalStateException("No ServletResponse found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE);
}
return response;
}
@@ -407,7 +419,8 @@
* <code>return (ServletResponse)ThreadContext.remove( SERVLET_RESPONSE_KEY );</code>
* <p/>
* If you wish to just retrieve the object from the thread without removing it (so it can be retrieved later during
- * thread execution), you should use the {@link #getServletResponse() getServletResponse()} method for that purpose.
+ * thread execution), you should use the {@link #getRequiredServletResponse() getRequiredServletResponse()} method
+ * for that purpose.
*
* @return the Session object previously bound to the thread, or <tt>null</tt> if there was none bound.
*/
@@ -484,19 +497,15 @@
* @return true if the given parameter is considered "true" - false otherwise.
*/
public static boolean isTrue(ServletRequest request, String paramName) {
- String paramValue = getCleanParam(request, paramName);
-
- if (paramValue == null) {
- return false;
- } else {
- return paramValue.equalsIgnoreCase("true") ||
- paramValue.equalsIgnoreCase("t") ||
- paramValue.equalsIgnoreCase("1") ||
- paramValue.equalsIgnoreCase("enabled") ||
- paramValue.equalsIgnoreCase("y") ||
- paramValue.equalsIgnoreCase("yes") ||
- paramValue.equalsIgnoreCase("on");
- }
+ String value = getCleanParam(request, paramName);
+ return value != null &&
+ (value.equalsIgnoreCase("true") ||
+ value.equalsIgnoreCase("t") ||
+ value.equalsIgnoreCase("1") ||
+ value.equalsIgnoreCase("enabled") ||
+ value.equalsIgnoreCase("y") ||
+ value.equalsIgnoreCase("yes") ||
+ value.equalsIgnoreCase("on"));
}
/**
diff --git a/src/org/jsecurity/web/session/DefaultWebSessionManager.java b/src/org/jsecurity/web/session/DefaultWebSessionManager.java
index 1bf34f8..966b177 100644
--- a/src/org/jsecurity/web/session/DefaultWebSessionManager.java
+++ b/src/org/jsecurity/web/session/DefaultWebSessionManager.java
@@ -45,7 +45,7 @@
*/
public class DefaultWebSessionManager extends DefaultSessionManager implements WebSessionManager {
- private static final Log log = LogFactory.getLog(DefaultWebSessionManager.class);
+ private static final Log log = LogFactory.getLog(DefaultWebSessionManager.class);
/**
* Property specifying if, after a session object is acquired from the request, if that session should be
@@ -214,8 +214,8 @@
}
public Serializable start(InetAddress hostAddress) throws HostUnauthorizedException, IllegalArgumentException {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
return start(request, response, hostAddress);
}
@@ -231,8 +231,8 @@
if (sessionId != null) {
return super.retrieveSession(sessionId);
} else {
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
return getSession(request, response);
}
}
@@ -307,8 +307,8 @@
protected void onStop(Session session) {
super.onStop(session);
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
getSessionIdCookieAttribute().removeValue(request, response);
}
}
diff --git a/src/org/jsecurity/web/session/ServletContainerSessionManager.java b/src/org/jsecurity/web/session/ServletContainerSessionManager.java
index e8b2e59..267ed71 100644
--- a/src/org/jsecurity/web/session/ServletContainerSessionManager.java
+++ b/src/org/jsecurity/web/session/ServletContainerSessionManager.java
@@ -59,8 +59,8 @@
protected Session doGetSession(Serializable sessionId) throws InvalidSessionException {
//Ignore session id since there is no way to acquire a session based on an id in a servlet container
//(that is implementation agnostic)
- ServletRequest request = WebUtils.getServletRequest();
- ServletResponse response = WebUtils.getServletResponse();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
+ ServletResponse response = WebUtils.getRequiredServletResponse();
return getSession(request, response);
}
@@ -74,7 +74,7 @@
}
protected Session createSession(InetAddress originatingHost) throws HostUnauthorizedException, IllegalArgumentException {
- ServletRequest request = WebUtils.getServletRequest();
+ ServletRequest request = WebUtils.getRequiredServletRequest();
HttpSession httpSession = ((HttpServletRequest) request).getSession();
return createSession(httpSession, originatingHost);
}