SEC-159: Comment about use of SecurityContextHolder.clearContext().

2006-02-09 00:12:56 +00:00 · 2006-02-09 00:12:56 +00:00 · c8e81bd425
parent dc959b1847
commit c8e81bd425
1 changed files with 9 additions and 0 deletions
--- a/doc/xdocs/upgrade/upgrade-090-100.html
+++ b/doc/xdocs/upgrade/upgrade-090-100.html
@ -66,6 +66,15 @@ applications:
 	an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
 	</li>
 	
+	<li>
+	If you are directly using SecurityContextHolder.setContext(SecurityContext) - which is not
+	very common - please not that best practise is now to call SecurityContextHolder.clearContext()
+	if you wish to erase the contents of the SecurityContextHolder. Previously code such as
+	SecurityContextHolder.setContext(new SecurityContextImpl()) would have been used. The revised
+	method internally stores null, which helps avoids redeployment issue caused by the previous
+	approaches (see SEC-159 for further details).
+	</li>
+	
    </ul>

 </body>