SEC-1797: Create a new session in AbstractPreAuthenticatedProcessingFilter when the existing session is invalidated on detecting a principal change.

Luke Taylor 2011-08-12 19:07:17 +01:00
parent 74daa68691
commit 6333909107
2 changed files with 3 additions and 2 deletions


@ -148,6 +148,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
if (session != null) { if (session != null) {
logger.debug("Invalidating existing session"); logger.debug("Invalidating existing session");
session.invalidate(); session.invalidate();
request.getSession();
} }
} }
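Review bot: The bare `request.getSession();` added after `session.invalidate()` discards its return value and reads like a leftover, so it deserves a comment saying it is deliberate, e.g. `// Create a replacement session straight away; the old one was invalidated because the principal changed (SEC-1797)`. No test accompanies the change in this commit as far as the two listed files show. A filter test that changes the pre-authenticated principal and asserts that a session exists afterwards, and that it is not the invalidated one, would pin the behaviour. The enclosing method starts and ends outside the hunk, so whether later code still holds the invalidated `session` reference cannot be confirmed from here.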


@ -105,12 +105,12 @@ public class SessionManagementFilter extends GenericFilterBean {
* Sets the strategy object which handles the session management behaviour when a * Sets the strategy object which handles the session management behaviour when a
* user has been authenticated during the current request. * user has been authenticated during the current request.
* *
* @param sessionStrategy the strategy object. If not set, a {@link SessionFixationProtectionStrategy} is used. * @param sessionAuthenticationStrategy the strategy object. If not set, a {@link SessionFixationProtectionStrategy} is used.
* @deprecated Use constructor injection * @deprecated Use constructor injection
*/ */
@Deprecated @Deprecated
public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) { public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) {
Assert.notNull(sessionAuthenticationStrategy, "authenticatedSessionStratedy must not be null"); Assert.notNull(sessionAuthenticationStrategy, "authenticatedSessionStrategy must not be null");
this.sessionAuthenticationStrategy = sessionAuthenticationStrategy; this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
} }
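Review bot: The corrected message passed to `Assert.notNull` still names `authenticatedSessionStrategy`, which matches neither the parameter nor the field it guards. `Assert.notNull(sessionAuthenticationStrategy, "sessionAuthenticationStrategy must not be null");` would agree with the `@param` name this hunk fixes and make the failure easier to trace to the setter. Because the setter is `@Deprecated` in favour of constructor injection, the Javadoc could also name the replacement constructor with a `{@link}`; its signature is not visible in this hunk.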