svn commit: r770771 - in /ofbiz/trunk: applications/securityext/src/org/ofbiz/securityext/test/ framework/security/src/org/ofbiz/security/authz/ framework/webapp/src/org/ofbiz/webapp/control/


svn commit: r770771 - in /ofbiz/trunk: applications/securityext/src/org/ofbiz/securityext/test/ framework/security/src/org/ofbiz/security/authz/ framework/webapp/src/org/ofbiz/webapp/control/

jaz-3
Author: jaz
Date: Fri May  1 17:47:52 2009
New Revision: 770771

URL: http://svn.apache.org/viewvc?rev=770771&view=rev
Log:
Often thread pools do not clear ThreadLocal, implemented a workaround to handle this

Modified:
    ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java
    ofbiz/trunk/framework/security/src/org/ofbiz/security/authz/AbtractAuthorization.java
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java

Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java?rev=770771&r1=770770&r2=770771&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java Fri May  1 17:47:52 2009
@@ -4,6 +4,7 @@
 
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.security.SecurityConfigurationException;
+import org.ofbiz.security.authz.AbtractAuthorization;
 import org.ofbiz.security.authz.Authorization;
 import org.ofbiz.security.authz.AuthorizationFactory;
 import org.ofbiz.service.testtools.OFBizTestCase;
@@ -11,7 +12,7 @@
 public class AuthorizationTests extends OFBizTestCase {
 
     private static final String module = AuthorizationTests.class.getName();
-    protected Authorization security;
+    protected Authorization security = null;
     
     public AuthorizationTests(String name) {
         super(name);
@@ -19,7 +20,10 @@
     
     @Override
     public void setUp() throws SecurityConfigurationException {
-        security = AuthorizationFactory.getInstance(delegator);
+        if (security == null) {
+            security = AuthorizationFactory.getInstance(delegator);
+        }
+        AbtractAuthorization.clearThreadLocal();
     }
                   
     public void testBasicAdminPermission() throws Exception {
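Review bot: The `if (security == null)` guard in `setUp` probably never skips the factory call. The `super(name)` constructor suggests the JUnit 3 model, where each test method runs on its own instance, so the instance field `security` would be null on every call. If the aim is to reuse one Authorization across tests, the field would have to be `static`; otherwise the guard can be dropped. The `AbtractAuthorization.clearThreadLocal();` call is what actually isolates the tests from one another, and a comment such as `// drop uid/origPermission/autoGrant left on this thread by the previous test` would record why it is there.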

Modified: ofbiz/trunk/framework/security/src/org/ofbiz/security/authz/AbtractAuthorization.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/security/src/org/ofbiz/security/authz/AbtractAuthorization.java?rev=770771&r1=770770&r2=770771&view=diff
==============================================================================
--- ofbiz/trunk/framework/security/src/org/ofbiz/security/authz/AbtractAuthorization.java (original)
+++ ofbiz/trunk/framework/security/src/org/ofbiz/security/authz/AbtractAuthorization.java Fri May  1 17:47:52 2009
@@ -125,9 +125,11 @@
         }
         
         // set the tracking values on thread local
+        boolean initialCall = false;
         if (UtilValidate.isEmpty(threadUid)) {
             origPermission.set(permission);
             uid.set(userId);
+            initialCall = true;
         }
                       
  // split the permission string; so we can walk up the levels
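Review bot: `initialCall` is true only for the first check after the thread-locals were reset, not for the outermost call of every check, because nothing visible in this diff clears `uid` when that outermost call returns. In the `@@ -171,7 +173,7` hunk, a second top-level check of the same permission on the same thread therefore has `initialCall == false` and `permission.equals(threadPerm)` true, so `hasDynamicPermission` is skipped and the answer depends on state left by the earlier call. If that is not intended, the code after this block could be wrapped as `try { ... } finally { if (initialCall) { uid.remove(); origPermission.remove(); } }`, so the tracking values last for one outermost check only. The method starts and ends outside this hunk, so cleanup on a path not shown here would change this assessment.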
@@ -171,7 +173,7 @@
     
      // finally check dynamic permission (outside the loop)
      String threadPerm = origPermission.get();
-     if (!permission.equals(threadPerm)) {
+     if (initialCall || !permission.equals(threadPerm)) {
          if (hasDynamicPermission(userId, expandedPermission, context)) {
             // permission granted
             handleAutoGrantPermissions(userId, expandedPermission, context);
@@ -207,4 +209,14 @@
             autoGrant.set(granted);            
         }
  }
+
+ /**
+ * Used to clear the values set in ThreadLocal
+ * -- needed when thread pools are used which do not handle clearing between requests
+ */
+ public static void clearThreadLocal() {
+    origPermission.remove();
+        autoGrant.remove();
+        uid.remove();        
+ }
 }
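Review bot: The Javadoc on `clearThreadLocal()` does not say who is responsible for calling it, and the only production caller this commit adds is `ContextFilter`. A pooled thread that runs permission checks without passing through that filter (presumably service or job threads) would keep the previous `uid`, `origPermission` and `autoGrant` values, and `autoGrant` appears to hold permissions granted during an earlier user's check. I would extend the comment along the lines of `Must be called at the start of every unit of work on a pooled thread, before any permission check; clears uid, origPermission and autoGrant.` The three `remove()` lines are also indented inconsistently with each other and with the rest of the class.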

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java?rev=770771&r1=770770&r2=770771&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java Fri May  1 17:47:52 2009
@@ -54,6 +54,7 @@
 import org.ofbiz.security.Security;
 import org.ofbiz.security.SecurityConfigurationException;
 import org.ofbiz.security.SecurityFactory;
+import org.ofbiz.security.authz.AbtractAuthorization;
 import org.ofbiz.security.authz.Authorization;
 import org.ofbiz.security.authz.AuthorizationFactory;
 import org.ofbiz.service.GenericDispatcher;
@@ -129,6 +130,9 @@
             Thread.currentThread().setContextClassLoader(localCachedClassLoader);
         }
 
+        // reset thread local security; used when thread pools don't clear
+        AbtractAuthorization.clearThreadLocal();
+        
         // set the webSiteId in the session
         httpRequest.getSession().setAttribute("webSiteId", config.getServletContext().getAttribute("webSiteId"));