portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl SecurityValveImpl.java
Date Thu, 11 Nov 2004 07:51:52 GMT
taylor      2004/11/10 23:51:52

  Modified:    portal/src/java/org/apache/jetspeed/security/impl
                        SecurityValveImpl.java
  Log:
  execute the remainder of the pipeline as a privileged action in the context of the authenticated
subject
  
  Revision  Changes    Path
  1.8       +25 -6     jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
  
  Index: SecurityValveImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- SecurityValveImpl.java	24 Sep 2004 22:23:02 -0000	1.7
  +++ SecurityValveImpl.java	11 Nov 2004 07:51:52 -0000	1.8
  @@ -16,6 +16,7 @@
   package org.apache.jetspeed.security.impl;
   
   import java.security.Principal;
  +import java.security.PrivilegedAction;
   import java.util.HashSet;
   import java.util.Set;
   
  @@ -56,10 +57,11 @@
        */
       public void invoke(RequestContext request, ValveContext context) throws PipelineException
       {
  +        Subject subject = null;
           try
  -        {            
  +        {        
               Principal principal = request.getRequest().getUserPrincipal();
  -            Subject subject = (Subject) 
  +            subject = (Subject) 
                   request.getRequest().getSession().getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
               if (null == principal)
               {
  @@ -86,15 +88,32 @@
                   }
               }
               request.setSubject(subject);
  +            
  +            final ValveContext vc = context;
  +            final RequestContext rc = request;
  +            
  +            // Pass control to the next Valve in the Pipeline and execute under the current
subject
  +            Subject.doAs(subject, new PrivilegedAction()
  +            {
  +                public Object run()
  +                {
  +                    try 
  +                    {
  +                        vc.invokeNext(rc);
  +                    }
  +                    catch (PipelineException e)
  +                    {                        
  +                    }
  +                    return null;                    
  +                }
  +            });
  +            
           }
           catch (Throwable t)
           {
               // TODO: valve exception handling formalized
               t.printStackTrace();
           }
  -
  -        // Pass control to the next Valve in the Pipeline
  -        context.invokeNext(request);
   
       }
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message