SEC-1521: Add check for null SecurityContextRepository and clarify related docs on use of null implementation (NullSecurityContextRepository).

Luke Taylor 2010-07-23 15:59:53 +01:00
parent e659e15f90
commit d7d8448120
2 changed files with 13 additions and 10 deletions


@ -241,17 +241,18 @@ public interface SecurityContextRepository {
changed). If you don't want a session to be created, then you can set this property
to <literal>false</literal>: <programlisting language="xml"><![CDATA[
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='false' />
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='false' />
</bean>
</property>
</bean>
</property>
</bean>
]]></programlisting> Alternatively you could provide a null implementation of the
<interfacename>SecurityContextRepository</interfacename> interface, which will
prevent the security context from being stored, even if a session has already been
created during the request. </para>
]]></programlisting> Alternatively you could provide an instance of
<classname>NullSecurityContextRepository</classname>, a <quote><link
xlink:href="http://en.wikipedia.org/wiki/Null_Object_pattern">null object</link></quote>
implementation, which will prevent the security context from being stored, even if a
session has already been created during the request. </para>
</section>
</section>
<section xml:id="form-login-filter">


@ -12,6 +12,7 @@ import javax.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
/**
@ -92,6 +93,7 @@ public class SecurityContextPersistenceFilter extends GenericFilterBean {
}
public void setSecurityContextRepository(SecurityContextRepository repo) {
Assert.notNull(repo, "SecurityContextRepository cannot be null");
this.repo = repo;
}
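Review bot: The new `Assert.notNull` in `setSecurityContextRepository` covers only the setter path, and the method still has no Javadoc telling integrators that null is rejected or what to configure instead. I would add a comment above it, e.g. `/** Sets the SecurityContextRepository used by this filter; must not be null. Use NullSecurityContextRepository to prevent the context from being stored. */`, and extend the message to `"SecurityContextRepository cannot be null; use NullSecurityContextRepository to disable storage"` so a misconfiguration fails at startup with the remedy visible. The `repo` field declaration is outside this hunk, so it is worth confirming that it has a non-null default when the setter is never called. The class body starts and continues outside the hunk.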