implement ui client session id

This changeset introduces a client side session id, which is generated once by the client (ui: apiClient) and is send with each request to server. The server makes the session id available by the PrincipalCollection of the subject.
2025-11-12 08:25:44 +01:00 · 2019-11-13 14:03:48 +01:00
parent f0f134daeb
commit 42ab81cf50
16 changed files with 367 additions and 166 deletions
--- a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
@@ -177,45 +177,26 @@ public class DefaultAdministrationContext implements AdministrationContext
    //J+
  }

-  /**
-   * Method description
-   *
-   *
-   * @param action
-   */
-  private void doRunAsInNonWebSessionContext(PrivilegedAction action)
-  {
-    if (logger.isTraceEnabled())
-    {
-      logger.trace("bind shiro security manager to current thread");
-    }
+  private void doRunAsInNonWebSessionContext(PrivilegedAction action) {
+    logger.trace("bind shiro security manager to current thread");

-    try
-    {
+    try {
      SecurityUtils.setSecurityManager(securityManager);

      Subject subject = createAdminSubject();
      ThreadState state = new SubjectThreadState(subject);

      state.bind();
-
      try
      {
-        if (logger.isInfoEnabled())
-        {
-          logger.info("execute action {} in administration context",
-            action.getClass().getName());
-        }
+        logger.info("execute action {} in administration context", action.getClass().getName());

        action.run();
+      } finally {
+        logger.trace("restore current thread state");
+        state.restore();
      }
-      finally
-      {
-        state.clear();
-      }
-    }
-    finally
-    {
+    } finally {
      SecurityUtils.setSecurityManager(null);
    }
  }