Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2107: Fix Javadoc on methods of AbstractAuthenticationProcessingFilter 

Both overloads of
AbstractAuthenticationProcessingFilter.successfulAuthentication()
claimed to invoke SessionAuthenticationStrategy, which is not true, as
the invokation happens earlier in doFilter(). The Javadoc on these
methods are updated to reflect the actual code.
This commit is contained in:
Balazs Zagyvai 2012-12-28 20:52:57 +01:00
parent 7edb1089a8
commit 73ea8b5c05
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
View File

@ -161,7 +161,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
* to perform the authentication. There are then three possible outcomes:
* <ol>
* <li>An <tt>Authentication</tt> object is returned.
* The configured {link SessionAuthenticationStrategy} will be invoked followed by the
* The configured {@link SessionAuthenticationStrategy} will be invoked (to handle any session-related behaviour
* such as creating a new session to protect against session-fixation attacks) followed by the invocation of
* {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)
* successfulAuthentication} method</li>
* <li>An <tt>AuthenticationException</tt> occurs during authentication.
@ -273,8 +274,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
* Default behaviour for successful authentication.
* <ol>
* <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
* <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
* (such as creating a new session to protect against session-fixation attacks).</li>
* <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
* <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
* <tt>ApplicationEventPublisher</tt></li>
@ -298,8 +297,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
* Default behaviour for successful authentication.
* <ol>
* <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
* <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
* (such as creating a new session to protect against session-fixation attacks).</li>
* <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
* <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
* <tt>ApplicationEventPublisher</tt></li>