SEC-2002: Polishing

2013-06-06 15:05:00 -05:00 · 2013-06-06 15:05:00 -05:00 · 7bc87cf13b
parent d89ace26ab
commit 7bc87cf13b
2 changed files with 19 additions and 0 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
@ -214,7 +214,16 @@ public class SessionFixationProtectionStrategy implements SessionAuthenticationS
        return attributesToMigrate;
    }

+    /**
+     * Sets the {@link ApplicationEventPublisher} to use for submitting
+     * {@link SessionFixationProtectionEvent}. The default is to not submit the
+     * {@link SessionFixationProtectionEvent}.
+     *
+     * @param applicationEventPublisher
+     *            the {@link ApplicationEventPublisher}. Cannot be null.
+     */
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+        Assert.notNull(applicationEventPublisher, "applicationEventPublisher cannot be null");
        this.applicationEventPublisher = applicationEventPublisher;
    }

--- a/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategyTests.java
@ -103,4 +103,14 @@ public class ConcurrentSessionControlStrategyTests {
        assertEquals(request.getSession().getId(), event.getNewSessionId());
        assertSame(authentication, event.getAuthentication());
    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void setApplicationEventPublisherForbidsNulls() {
+        strategy.setApplicationEventPublisher(null);
+    }
+
+    @Test
+    public void onAuthenticationNoExceptionWhenRequireApplicationEventPublisherSet() {
+        strategy.onAuthentication(authentication, request, response);
+    }
 }