Fix JRun rejection of null in httpSession.setAttribute() as per http://livedocs.macromedia.com/jrun/4/javadocs/jrun/servlet/session/JRunSession.html.

Discussed at http://forum.springframework.org/viewtopic.php?t=1417.

changelog.txt

@@ -8,6 +8,7 @@ Changes in version 0.7 (2004-xx-xx)
 * Added AuthenticationProcessingFilter.setDetails for use by subclasses
 * Refactored MethodDefinitionSource to work with Method, not MethodInvocation
 * Refactored AbstractSecurityInterceptor to better support other AOP libraries
+* Fixed AbstractProcessingFitler to use removeAttribute (JRun compatibility)
 * Moved MethodSecurityInterceptor to ...intercept.method.aopalliance package
 * Documentation improvements
 

core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -330,8 +330,7 @@ public abstract class AbstractProcessingFilter implements Filter,
 
                 httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
                     failed);
-                httpRequest.getSession().setAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY,
-                    null);
+                httpRequest.getSession().removeAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY);
                 httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest
                         .getContextPath() + failureUrl));
 
@@ -347,8 +346,7 @@ public abstract class AbstractProcessingFilter implements Filter,
                 authResult);
 
             String targetUrl = (String) httpRequest.getSession().getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
-            httpRequest.getSession().setAttribute(ACEGI_SECURITY_TARGET_URL_KEY,
-                null);
+            httpRequest.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
 
             if (targetUrl == null) {
                 targetUrl = httpRequest.getContextPath() + defaultTargetUrl;