JavaDoc updates and removed validation checks after subject.logout() is called - a Subject is still valid even after logout - it is just considered anonymous again after that point.
git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@711059 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/org/jsecurity/mgt/DefaultSecurityManager.java b/src/org/jsecurity/mgt/DefaultSecurityManager.java
index dba2ace..b4c32b3 100644
--- a/src/org/jsecurity/mgt/DefaultSecurityManager.java
+++ b/src/org/jsecurity/mgt/DefaultSecurityManager.java
@@ -69,7 +69,7 @@
*/
public class DefaultSecurityManager extends SessionsSecurityManager {
- private static final Log log = LogFactory.getLog(DefaultSecurityManager.class);
+ private static final Log log = LogFactory.getLog(DefaultSecurityManager.class);
protected RememberMeManager rememberMeManager;
@@ -198,7 +198,7 @@
assertPrincipals(info);
//get any existing session that may exist - we don't want to lose it:
- Subject subject = getSubject();
+ Subject subject = getSubject(false);
Session session = null;
if (subject != null) {
session = subject.getSession(false);
diff --git a/src/org/jsecurity/subject/DelegatingSubject.java b/src/org/jsecurity/subject/DelegatingSubject.java
index 55ffcf9..55acb87 100644
--- a/src/org/jsecurity/subject/DelegatingSubject.java
+++ b/src/org/jsecurity/subject/DelegatingSubject.java
@@ -38,25 +38,26 @@
import java.util.List;
/**
- * <p>Implementation of the <tt>Subject</tt> interface that delegates
+ * Implementation of the <tt>Subject</tt> interface that delegates
* method calls to an underlying {@link org.jsecurity.mgt.SecurityManager SecurityManager} instance for security checks.
- * It is essentially a <tt>SecurityManager</tt> proxy.</p>
- *
- * <p>This implementation does not maintain state such as roles and permissions (only a subject
- * identifier, such as a user primary key or username) for better performance in a stateless
+ * It is essentially a <tt>SecurityManager</tt> proxy.
+ * <p/>
+ * This implementation does not maintain state such as roles and permissions (only <code>Subject</code>
+ * {@link #getPrincipals() principals}, such as usernames or user primary keys) for better performance in a stateless
* architecture. It instead asks the underlying <tt>SecurityManager</tt> every time to perform
- * the authorization check.</p>
- *
- * <p>A common misconception in using this implementation is that an EIS resource (RDBMS, etc) would
+ * the authorization check.
+ * <p/>
+ * A common misconception in using this implementation is that an EIS resource (RDBMS, etc) would
* be "hit" every time a method is called. This is not necessarily the case and is
* up to the implementation of the underlying <tt>SecurityManager</tt> instance. If caching of authorization
* data is desired (to eliminate EIS round trips and therefore improve database performance), it is considered
- * much more elegant to let the underlying <tt>SecurityManager</tt> implementation manage caching, not this class. A
- * <tt>SecurityManager</tt> is considered a business-tier component, where caching strategies are better suited.</p>
- *
- * <p>Applications from large and clustered to simple and vm local all benefit from
+ * much more elegant to let the underlying <tt>SecurityManager</tt> implementation or its delegate components
+ * manage caching, not this class. A <tt>SecurityManager</tt> is considered a business-tier component,
+ * where caching strategies are better suited.
+ * <p/>
+ * Applications from large and clustered to simple and vm local all benefit from
* stateless architectures. This implementation plays a part in the stateless programming
- * paradigm and should be used whenever possible.</p>
+ * paradigm and should be used whenever possible.
*
* @author Les Hazlewood
* @author Jeremy Haile
@@ -70,7 +71,6 @@
protected boolean authenticated = false;
protected InetAddress inetAddress = null;
protected Session session = null;
- protected boolean invalidated = false;
protected SecurityManager securityManager;
@@ -106,21 +106,6 @@
}
}
- protected void assertValid() throws InvalidSubjectException {
- if (isInvalidated()) {
- String msg = "The Subject has been invalidated. It can no longer be used.";
- throw new InvalidSubjectException(msg);
- }
- }
-
- protected boolean isInvalidated() {
- return invalidated;
- }
-
- protected void setInvalidated(boolean invalidated) {
- this.invalidated = invalidated;
- }
-
public org.jsecurity.mgt.SecurityManager getSecurityManager() {
return securityManager;
}
@@ -135,7 +120,6 @@
* @return the InetAddress associated with the client who created/is interacting with this Subject.
*/
public InetAddress getInetAddress() {
- assertValid();
return this.inetAddress;
}
@@ -155,17 +139,14 @@
}
public boolean isPermitted(String permission) {
- assertValid();
return hasPrincipal() && securityManager.isPermitted(getPrincipals(), permission);
}
public boolean isPermitted(Permission permission) {
- assertValid();
return hasPrincipal() && securityManager.isPermitted(getPrincipals(), permission);
}
public boolean[] isPermitted(String... permissions) {
- assertValid();
if (hasPrincipal()) {
return securityManager.isPermitted(getPrincipals(), permissions);
} else {
@@ -174,7 +155,6 @@
}
public boolean[] isPermitted(List<Permission> permissions) {
- assertValid();
if (hasPrincipal()) {
return securityManager.isPermitted(getPrincipals(), permissions);
} else {
@@ -183,58 +163,54 @@
}
public boolean isPermittedAll(String... permissions) {
- assertValid();
return hasPrincipal() && securityManager.isPermittedAll(getPrincipals(), permissions);
}
public boolean isPermittedAll(Collection<Permission> permissions) {
- assertValid();
return hasPrincipal() && securityManager.isPermittedAll(getPrincipals(), permissions);
}
protected void assertAuthzCheckPossible() throws AuthorizationException {
if (!hasPrincipal()) {
- String msg = "Account data has not yet been associated with this Subject instance" +
- "(this can be done by executing " + Subject.class.getName() + ".login(AuthenticationToken) )." +
- "Therefore, authorization operations are not possible (a Subject/Account identity is required first). " +
- "Denying authorization.";
+ String msg = "Identity principals are not associated with this Subject instance - " +
+ "authorization operations require an identity to check against. A Subject instance will " +
+ "acquire these identifying principals automatically after a successful login is performed " +
+ "be executing " + Subject.class.getName() + ".login(AuthenticationToken) or when 'Remember Me' " +
+ "functionality is enabled. This exception can also occur when the current subject has logged out, " +
+ "which relinquishes its identity and essentially makes it anonymous again. " +
+ "Because an identity is currently not known due to any of these conditions, " +
+ "authorization is denied.";
throw new UnauthenticatedException(msg);
}
}
public void checkPermission(String permission) throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkPermission(getPrincipals(), permission);
}
public void checkPermission(Permission permission) throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkPermission(getPrincipals(), permission);
}
public void checkPermissions(String... permissions)
throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkPermissions(getPrincipals(), permissions);
}
public void checkPermissions(Collection<Permission> permissions)
throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkPermissions(getPrincipals(), permissions);
}
public boolean hasRole(String roleIdentifier) {
- assertValid();
return hasPrincipal() && securityManager.hasRole(getPrincipals(), roleIdentifier);
}
public boolean[] hasRoles(List<String> roleIdentifiers) {
- assertValid();
if (hasPrincipal()) {
return securityManager.hasRoles(getPrincipals(), roleIdentifiers);
} else {
@@ -243,24 +219,20 @@
}
public boolean hasAllRoles(Collection<String> roleIdentifiers) {
- assertValid();
return hasPrincipal() && securityManager.hasAllRoles(getPrincipals(), roleIdentifiers);
}
public void checkRole(String role) throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkRole(getPrincipals(), role);
}
public void checkRoles(Collection<String> roles) throws AuthorizationException {
- assertValid();
assertAuthzCheckPossible();
securityManager.checkRoles(getPrincipals(), roles);
}
public void login(AuthenticationToken token) throws AuthenticationException {
- assertValid();
Subject authcSecCtx = securityManager.login(token);
PrincipalCollection principals = authcSecCtx.getPrincipals();
if (principals == null || principals.isEmpty()) {
@@ -288,7 +260,6 @@
}
public boolean isAuthenticated() {
- assertValid();
return authenticated;
}
@@ -297,8 +268,6 @@
}
public Session getSession(boolean create) {
- assertValid();
-
if (log.isTraceEnabled()) {
log.trace("attempting to get session; create = " + create + "; session is null = " + (this.session == null) + "; session has id = " + (this.session != null && session.getId() != null));
}
@@ -314,14 +283,9 @@
}
public void logout() {
- if (isInvalidated()) {
- return;
- }
-
try {
this.securityManager.logout(getPrincipals());
} finally {
- setInvalidated(true);
this.session = null;
this.principals = null;
this.authenticated = false;
@@ -344,7 +308,7 @@
}
public void stop() throws InvalidSessionException {
- proxy.stop();
+ super.stop();
owner.sessionStopped();
}
}
