Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-444: Handle synchronization issues if multiple authentications taking place for same session ID concurrently.

This commit is contained in:
Ben Alex 2007-05-25 01:38:42 +00:00
parent 4f13db5552
commit 3b9a8dc53e
2 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java
View File

@ -140,7 +140,6 @@ public class ConcurrentSessionControllerImpl implements ConcurrentSessionControl
Object principal = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication);
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
sessionRegistry.removeSessionInformation(sessionId);
sessionRegistry.registerNewSession(sessionId, principal);
}

6
core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
View File

@ -112,14 +112,12 @@ public class SessionRegistryImpl implements SessionRegistry,
}
}
public void registerNewSession(String sessionId, Object principal)
throws SessionAlreadyUsedException {
public synchronized void registerNewSession(String sessionId, Object principal) {
Assert.hasText(sessionId, "SessionId required as per interface contract");
Assert.notNull(principal, "Principal required as per interface contract");
if (getSessionInformation(sessionId) != null) {
throw new SessionAlreadyUsedException("Session " + sessionId
+ " is already is use");
removeSessionInformation(sessionId);
}
sessionIds.put(sessionId,