- 论坛徽章:
- 0
|
Appfuse Version 1.9.3
org.acegisecurity.context.HttpSessionContextIntegrationFilter
implements InitializingBean, Filter
httpSession = ((HttpServletRequest) request).getSession(forceEagerSessionCreation);//得到session
Object contextFromSessionObject = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);//得到这个session中保存的SecurityContext
if (contextFromSessionObject != null) {
SecurityContextHolder.setContext((SecurityContext) contextFromSessionObject);
}
else{
SecurityContextHolder.setContext(generateNewContext());
}
//如果存在那么放入SecurityContextHolder,如果不存在return (SecurityContext) this.context.newInstance();通过这个方法生成一个SecurityContext
/******/
下面这段还没有理解,为什么要把httpSession设为null,说明上写是我们希望保证
我们没有保持一个到session的引用传递给下一个filter?????
// Make the HttpSession null, as we want to ensure we don't keep
// a reference to the HttpSession laying around in case the
// chain.doFilter() invalidates it.
httpSession = null;
// Proceed with chain
int contextWhenChainProceeded = SecurityContextHolder.getContext().hashCode();
/******************************/
接下来就将转向下一个 filter
try {
chain.doFilter(request, response);
} catch (IOException ioe) {
}
在它的finally块里面它做了一些动作,可以看一下
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/19271/showart_146107.html |
|