HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.

core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -94,7 +94,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
         Authentication authentication) {
         if (request instanceof HttpServletRequest
             && ((HttpServletRequest) request).isRequestedSessionIdValid()) {
-            HttpSession httpSession = ((HttpServletRequest) request).getSession();
+            HttpSession httpSession = ((HttpServletRequest) request).getSession(false);
 
             if (httpSession != null) {
                 httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY,
@@ -109,7 +109,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
             HttpSession httpSession = null;
 
             try {
-                httpSession = ((HttpServletRequest) request).getSession();
+                httpSession = ((HttpServletRequest) request).getSession(false);
             } catch (IllegalStateException ignored) {}
 
             if (httpSession != null) {

core/src/test/java/org/acegisecurity/MockHttpServletRequest.java

@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -314,7 +314,7 @@ public class MockHttpServletRequest implements HttpServletRequest {
     }
 
     public HttpSession getSession(boolean arg0) {
-        throw new UnsupportedOperationException("mock method not implemented");
+        return this.session;
     }
 
     public HttpSession getSession() {

doc/xdocs/changes.xml

@@ -32,6 +32,7 @@
       <action dev="benalex" type="update">Improved Tapestry support in AbstractProcessingFilter</action>
       <action dev="benalex" type="update">User now accepted blank passwords (null passwords still rejected)</action>
       <action dev="benalex" type="update">ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method</action>
+      <action dev="benalex" type="update">HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily</action>
       <action dev="benalex" type="fix">Contacts sample web.xml no longer expect Log4j to be in classpath</action>
       <action dev="raykrueger" type="update">JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config"</action>
       <action dev="raykrueger" type="update">JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthenticatoin removed</action>