Beispiel #1
 def session_start_response(status, headers, exc_info = None):
     """Wrap start_response: save the security context, then emit the session cookie.

     The current SecurityContext is pickled into the session under
     SPRINGPYTHON_SECURITY_CONTEXT_KEY and the holder is cleared. If the
     session was accessed, it is persisted and any outgoing cookie is appended
     to ``headers`` before delegating to the enclosing ``start_response``.

     ``session``, ``self`` and ``start_response`` come from the enclosing scope,
     which is not shown here.
     """
     # NOTE(review): whatever later reads this value back with pickle.loads is
     # trusting the session store; that is only sound if clients cannot write
     # to it (server-side storage or an integrity-protected cookie) -- confirm.
     current_context = SecurityContextHolder.getContext()
     session[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY] = pickle.dumps(current_context)

     SecurityContextHolder.clearContext()
     self.logger.debug("SecurityContextHolder cleared out, as request processing completed")

     # Nothing to persist and no cookie to send when the session was never touched.
     if not session.accessed():
         return start_response(status, headers, exc_info)

     session.persist()
     # Reads the session object's private '_headers' dict directly; this depends
     # on the session implementation's internals.
     session_headers = session.__dict__['_headers']
     if session_headers['set_cookie']:
         outgoing_cookie = session_headers['cookie_out']
         if outgoing_cookie:
             headers.append(('Set-cookie', outgoing_cookie))
     return start_response(status, headers, exc_info)
Beispiel #2
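    def __call__(self, environ, start_response):
        """Copy the SecurityContext between the HttpSession and the SecurityContextHolder.

        Before the rest of the chain runs, the value stored in the session under
        SPRINGPYTHON_SECURITY_CONTEXT_KEY is unpickled and installed in
        SecurityContextHolder. A new context from generateNewContext() is
        installed instead when there is no session, no stored value, or the
        stored value is not a SecurityContext.

        After the chain returns, the holder's context is pickled back into the
        session. The holder is cleared in every case, including when the chain
        or the session write raises, so a request's context does not stay in
        the holder after a failure.

        Returns whatever self.doNextFilter(environ, start_response) returns.
        """

        httpSession = self.sessionStrategy.getHttpSession(environ)

        if httpSession is not None:

            contextFromSessionObject = None
            if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession:
                # SECURITY: unpickling executes whatever the stored bytes describe,
                # and it does so before the isinstance() check below can reject
                # anything. This is only safe if clients cannot write to the
                # session store (server-side storage, or an integrity-protected
                # cookie) -- confirm for the configured sessionStrategy, or move
                # to a data-only serialization format.
                contextFromSessionObject = pickle.loads(httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY])

            if contextFromSessionObject is not None:
                if isinstance(contextFromSessionObject, SecurityContext):
                    self.logger.debug("Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set "
                                        + "to SecurityContextHolder: '%s'" % contextFromSessionObject)
                    SecurityContextHolder.setContext(contextFromSessionObject)
                else:
                    # Wrong type in the reserved slot: discard it and start from a new context.
                    self.logger.warn("SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % contextFromSessionObject
                                        + "'; are you improperly modifying the HttpSession directly (you should always use "
                                        + "SecurityContextHolder) or using the HttpSession attribute reserved for this class? "
                                        + "- new SecurityContext instance associated  with SecurityContextHolder")
                    SecurityContextHolder.setContext(self.generateNewContext())
            else:
                self.logger.debug("HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " +
                                    "- new SecurityContext instance associated with SecurityContextHolder")
                SecurityContextHolder.setContext(self.generateNewContext())

        else:
            self.logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder")
            SecurityContextHolder.setContext(self.generateNewContext())

        # The original also kept str(context) in an unused local named
        # contextWhenChainProceeded; only the log line is retained.
        self.logger.debug("Setting contextWhenChainProceeded to %s" % SecurityContextHolder.getContext())

        try:
            results = self.doNextFilter(environ, start_response)

            # Stored only when the chain completed; a failed request does not
            # overwrite the session's previous context.
            self.sessionStrategy.setHttpSession(self.SPRINGPYTHON_SECURITY_CONTEXT_KEY,
                                                pickle.dumps(SecurityContextHolder.getContext()))
            self.logger.debug("SecurityContext stored to HttpSession: '%s'" % SecurityContextHolder.getContext())
        finally:
            # Always clear, so an exception downstream cannot leave this
            # request's context in the holder.
            SecurityContextHolder.clearContext()
            self.logger.debug("SecurityContextHolder cleared out, as request processing completed")

        return results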
Beispiel #3
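    def __call__(self, environ, start_response):
        """Copy the SecurityContext between the HttpSession and the SecurityContextHolder.

        Before the rest of the chain runs, the value stored in the session under
        SPRINGPYTHON_SECURITY_CONTEXT_KEY is unpickled and installed in
        SecurityContextHolder. A new context from generateNewContext() is
        installed instead when there is no session, no stored value, or the
        stored value is not a SecurityContext.

        After the chain returns, the holder's context is pickled back into the
        session. The holder is cleared in every case, including when the chain
        or the session write raises, so a request's context does not stay in
        the holder after a failure.

        Returns whatever self.doNextFilter(environ, start_response) returns.
        """

        httpSession = self.sessionStrategy.getHttpSession(environ)

        if httpSession is not None:

            contextFromSessionObject = None
            if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession:
                # SECURITY: unpickling executes whatever the stored bytes describe,
                # and it does so before the isinstance() check below can reject
                # anything. This is only safe if clients cannot write to the
                # session store (server-side storage, or an integrity-protected
                # cookie) -- confirm for the configured sessionStrategy, or move
                # to a data-only serialization format.
                contextFromSessionObject = pickle.loads(
                    httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY])

            if contextFromSessionObject is not None:
                if isinstance(contextFromSessionObject, SecurityContext):
                    self.logger.debug(
                        "Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set "
                        + "to SecurityContextHolder: '%s'" %
                        contextFromSessionObject)
                    SecurityContextHolder.setContext(contextFromSessionObject)
                else:
                    # Wrong type in the reserved slot: discard it and start from a new context.
                    self.logger.warn(
                        "SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'"
                        % contextFromSessionObject +
                        "'; are you improperly modifying the HttpSession directly (you should always use "
                        +
                        "SecurityContextHolder) or using the HttpSession attribute reserved for this class? "
                        +
                        "- new SecurityContext instance associated  with SecurityContextHolder"
                    )
                    SecurityContextHolder.setContext(self.generateNewContext())
            else:
                self.logger.debug(
                    "HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY "
                    +
                    "- new SecurityContext instance associated with SecurityContextHolder"
                )
                SecurityContextHolder.setContext(self.generateNewContext())

        else:
            self.logger.debug(
                "No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder"
            )
            SecurityContextHolder.setContext(self.generateNewContext())

        # The original also kept str(context) in an unused local named
        # contextWhenChainProceeded; only the log line is retained.
        self.logger.debug("Setting contextWhenChainProceeded to %s" %
                          SecurityContextHolder.getContext())

        try:
            results = self.doNextFilter(environ, start_response)

            # Stored only when the chain completed; a failed request does not
            # overwrite the session's previous context.
            self.sessionStrategy.setHttpSession(
                self.SPRINGPYTHON_SECURITY_CONTEXT_KEY,
                pickle.dumps(SecurityContextHolder.getContext()))
            self.logger.debug("SecurityContext stored to HttpSession: '%s'" %
                              SecurityContextHolder.getContext())
        finally:
            # Always clear, so an exception downstream cannot leave this
            # request's context in the holder.
            SecurityContextHolder.clearContext()
            self.logger.debug(
                "SecurityContextHolder cleared out, as request processing completed"
            )

        return results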