Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-305: Retain SecurityContext when rendering error pages.

This commit is contained in:
Ben Alex 2007-05-24 02:04:47 +00:00
parent 6ea8899134
commit 0736f4ffa0
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
View File

@ -102,7 +102,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
private static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
@ -192,12 +192,14 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
boolean filterApplied = false;
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request
chain.doFilter(request, response);
}
else {
if (request != null) {
filterApplied = true;
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
@ -351,6 +353,10 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
}
}
if (filterApplied) {
request.removeAttribute(FILTER_APPLIED);
}
// Remove SecurityContextHolder contents
SecurityContextHolder.clearContext();

1
core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java
View File

@ -139,6 +139,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Check the SecurityContextHolder is null, even though an exception was thrown during chain
assertEquals(new SecurityContextImpl(), SecurityContextHolder.getContext());
assertNull("Should have cleared FILTER_APPLIED", request.getAttribute(HttpSessionContextIntegrationFilter.FILTER_APPLIED));
}
public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession()