mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-02 16:52:14 +00:00
SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.
This commit is contained in:
parent
47166fe078
commit
9ccaf05cc7
@ -278,6 +278,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
|
||||
((HttpServletRequest) request).getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
|
||||
targetUrl);
|
||||
}
|
||||
|
||||
// SEC-112: Clear the SecurityContextHolder's Authentication, as the
|
||||
// existing Authentication is no longer considered valid
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
authenticationEntryPoint.commence(request,
|
||||
(HttpServletResponse) fi.getResponse(), reason);
|
||||
|
Loading…
x
Reference in New Issue
Block a user