SEC-1476: Modify AbstractPreAuthenticatedProcessingFilter to store authentication exception in request instead of creating a new session.

This commit is contained in:
Luke Taylor 2010-05-05 14:13:48 +01:00
parent d5ffdd9c27
commit 0c09780644


@ -167,8 +167,9 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
} }
/** /**
* Ensures the authentication object in the secure context is set to null * Ensures the authentication object in the secure context is set to null when authentication fails.
* when authentication fails. * <p>
* Caches the failure exception as a request attribute
*/ */
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
@ -176,7 +177,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Cleared security context due to exception", failed); logger.debug("Cleared security context due to exception", failed);
} }
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed); request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, failed);
} }
/** /**
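Review bot: The new Javadoc sentence "Caches the failure exception as a request attribute" does not state the visibility change that the switch from `request.getSession().setAttribute(...)` to `request.setAttribute(...)` implies: the attribute now lives only for the current request (including forwards) and is gone after a redirect, whereas the old session attribute survived one. Callers that reach a failure page via redirect and read `WebAttributes.AUTHENTICATION_EXCEPTION` from the session will silently stop seeing it, so the contract should say so. I would extend the second Javadoc line to `* Caches the failure exception as a request attribute, so it is visible only to the current request (e.g. a forward) and not to a later redirected request; no session is created.` The `unsuccessfulAuthentication` method begins in the first hunk and its `}` closes in this one, so the two hunks cover the whole method.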