Announcement Announcement Module
Collapse
No announcement yet.
HttpSessionContextIntegrationFilter.setContextClas s() not work Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HttpSessionContextIntegrationFilter.setContextClas s() not work

    Hi,
    I am using SpringSecurity 2.0 RC1 in my web application.
    I wrote my SecurityContext class, and I set my SecurityContextImpl to HttpSessionContextIntegrationFilter.setContextClas s().

    but it doesn't work. I got org.springframework.security.context.SecurityConte xtImpl instance.

    I want to get my SecurityContextImpl..
    HttpSessionContextIntegrationFilter's contextObject is always created in constructor before setContextClass() called.

    Please let me know what needs to use my SecurityContext.

    Thanks your help.

  • #2
    Where are you checking the class type? generateNewContext() is called whenever there is no context in the user's session, so you should see your own context class.

    The logic for setting contextObject is still incorrect, so I've opened an issue

    http://jira.springframework.org/browse/SEC-761

    but this object is internal to the class, so shouldn't affect you.

    Comment


    • #3
      Hi, Luke
      Thank you for your reply.

      It works well.

      I wrote my MySecurityContextImpl extended default SecurityContextImpl,
      so MySecurityContextImpl was judged default SecurityContextImpl's instance in HttpSessionContextIntegrationFilter.storeSecurityC ontextInSession().
      I should implement SecurityContext interface.

      Thank you.

      Comment


      • #4
        Hi, Luke

        It works well(posted above),
        but I have one more question.

        In my opinion, org.springframework.security.context.SecurityConte xtImpl should be final class.

        Actually, I was not checking the class type.
        MySecurityContextImpl's property changed in AuthenticationProcessingFilter,
        but SecurityContextHolder had no SecurityContext.
        Because MySecurityContextImpl extended org.springframework.security.context.SecurityConte xtImpl,
        so below code in HttpSessionContextIntegrationFilter.storeSecurityC ontextInSession() always returned true!

        Code:
                        } else if (!contextObject.equals(securityContext)) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
                            }
        If we can extend SecurityContextImpl,
        code might be

        Code:
                        } else if (!securityContext.equals(contextObject)) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
                            }
        Thanks
        Last edited by ashspring; Apr 11th, 2008, 03:37 AM.

        Comment

        Working...
        X