Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.

This commit is contained in:
Luke Taylor 2010-05-05 14:13:48 +01:00
parent d5ffdd9c27
commit 0c09780644
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
View File

@ -167,8 +167,9 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
}
/**
* Ensures the authentication object in the secure context is set to null
* when authentication fails.
* Ensures the authentication object in the secure context is set to null when authentication fails.
* <p>
* Caches the failure exception as a request attribute
*/
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
SecurityContextHolder.clearContext();
@ -176,7 +177,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
if (logger.isDebugEnabled()) {
logger.debug("Cleared security context due to exception", failed);
}
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
}
/**