001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.context;
017:
018: import org.springframework.util.ReflectionUtils;
019:
020: import java.lang.reflect.Constructor;
021:
022: /**
023: * Associates a given {@link SecurityContext} with the current execution thread.<p>This class provides a series of
024: * static methods that delegate to an instance of {@link org.acegisecurity.context.SecurityContextHolderStrategy}. The
025: * purpose of the class is to provide a convenient way to specify the strategy that should be used for a given JVM.
026: * This is a JVM-wide setting, since everything in this class is <code>static</code> to facilitate ease of use in
027: * calling code.</p>
028: * <p>To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the
029: * three valid <code>MODE_</code> settings defined as <code>static final</code> fields, or a fully qualified classname
030: * to a concrete implementation of {@link org.acegisecurity.context.SecurityContextHolderStrategy} that provides a
031: * public no-argument constructor.</p>
032: * <p>There are two ways to specify the desired strategy mode <code>String</code>. The first is to specify it via
033: * the system property keyed on {@link #SYSTEM_PROPERTY}. The second is to call {@link #setStrategyName(String)}
034: * before using the class. If neither approach is used, the class will default to using {@link #MODE_THREADLOCAL},
035: * which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas {@link
036: * #MODE_GLOBAL} is definitely inappropriate for server use).</p>
037: *
038: * @author Ben Alex
039: * @version $Id: SecurityContextHolder.java 1535 2006-06-01 14:02:56Z benalex $
040: *
041: * @see org.acegisecurity.context.HttpSessionContextIntegrationFilter
042: */
043: public class SecurityContextHolder {
044: //~ Static fields/initializers =====================================================================================
045:
046: public static final String MODE_THREADLOCAL = "MODE_THREADLOCAL";
047: public static final String MODE_INHERITABLETHREADLOCAL = "MODE_INHERITABLETHREADLOCAL";
048: public static final String MODE_GLOBAL = "MODE_GLOBAL";
049: public static final String SYSTEM_PROPERTY = "acegi.security.strategy";
050: private static String strategyName = System
051: .getProperty(SYSTEM_PROPERTY);
052: private static SecurityContextHolderStrategy strategy;
053: private static int initializeCount = 0;
054:
055: static {
056: initialize();
057: }
058:
059: //~ Methods ========================================================================================================
060:
061: /**
062: * Explicitly clears the context value from the current thread.
063: */
064: public static void clearContext() {
065: strategy.clearContext();
066: }
067:
068: /**
069: * Obtain the current <code>SecurityContext</code>.
070: *
071: * @return the security context (never <code>null</code>)
072: */
073: public static SecurityContext getContext() {
074: return strategy.getContext();
075: }
076:
077: /**
078: * Primarily for troubleshooting purposes, this method shows how many times the class has reinitialized its
079: * <code>SecurityContextHolderStrategy</code>.
080: *
081: * @return the count (should be one unless you've called {@link #setStrategyName(String)} to switch to an alternate
082: * strategy.
083: */
084: public static int getInitializeCount() {
085: return initializeCount;
086: }
087:
088: private static void initialize() {
089: if ((strategyName == null) || "".equals(strategyName)) {
090: // Set default
091: strategyName = MODE_THREADLOCAL;
092: }
093:
094: if (strategyName.equals(MODE_THREADLOCAL)) {
095: strategy = new ThreadLocalSecurityContextHolderStrategy();
096: } else if (strategyName.equals(MODE_INHERITABLETHREADLOCAL)) {
097: strategy = new InheritableThreadLocalSecurityContextHolderStrategy();
098: } else if (strategyName.equals(MODE_GLOBAL)) {
099: strategy = new GlobalSecurityContextHolderStrategy();
100: } else {
101: // Try to load a custom strategy
102: try {
103: Class clazz = Class.forName(strategyName);
104: Constructor customStrategy = clazz
105: .getConstructor(new Class[] {});
106: strategy = (SecurityContextHolderStrategy) customStrategy
107: .newInstance(new Object[] {});
108: } catch (Exception ex) {
109: ReflectionUtils.handleReflectionException(ex);
110: }
111: }
112:
113: initializeCount++;
114: }
115:
116: /**
117: * Associates a new <code>SecurityContext</code> with the current thread of execution.
118: *
119: * @param context the new <code>SecurityContext</code> (may not be <code>null</code>)
120: */
121: public static void setContext(SecurityContext context) {
122: strategy.setContext(context);
123: }
124:
125: /**
126: * Changes the preferred strategy. Do <em>NOT</em> call this method more than once for a given JVM, as it
127: * will reinitialize the strategy and adversely affect any existing threads using the old strategy.
128: *
129: * @param strategyName the fully qualified classname of the strategy that should be used.
130: */
131: public static void setStrategyName(String strategyName) {
132: SecurityContextHolder.strategyName = strategyName;
133: initialize();
134: }
135:
136: public String toString() {
137: return "SecurityContextHolder[strategy='" + strategyName
138: + "'; initializeCount=" + initializeCount + "]";
139: }
140: }
|