Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use context returned by SecurityContextHolder.createEmptyContext() as contextObject default value.

This commit is contained in:
Luke Taylor 2009-04-27 07:31:35 +00:00
parent 95ab95b6e3
commit 530a7b5d21
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
View File

@ -13,7 +13,6 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
@ -25,7 +24,8 @@ import org.springframework.util.ReflectionUtils;
* method (using the key {@link #SPRING_SECURITY_CONTEXT_KEY}). If a valid <code>SecurityContext</code> cannot be
* obtained from the <code>HttpSession</code> for whatever reason, a fresh <code>SecurityContext</code> will be created
* and returned instead. The created object will be an instance of the class set using the
* {@link #setSecurityContextClass(Class)} method. If this hasn't been set, a {@link SecurityContextImpl} will be returned.
* {@link #setSecurityContextClass(Class)} method. If this hasn't been set, a default context implementation
* as returned by {@link SecurityContextHolder#createEmptyContext()} will be used.
* <p>
* When <tt>saveContext</tt> is called, the context will be stored under the same key, provided
* <ol>
@ -62,7 +62,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
private Class<? extends SecurityContext> securityContextClass = null;
/** SecurityContext instance used to check for equality with default (unauthenticated) content */
private Object contextObject = new SecurityContextImpl();
private Object contextObject = SecurityContextHolder.createEmptyContext();
private boolean cloneFromHttpSession = false;
private boolean allowSessionCreation = true;
private boolean disableUrlRewriting = false;