Avoid expense of HttpSession when working with anonymous users.

This commit is contained in:
Ben Alex 2005-07-23 10:05:32 +00:00
parent f625d06cd9
commit f650289142

View File

@ -45,6 +45,7 @@
<action dev="benalex" type="fix">HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>
<action dev="benalex" type="update">Form, CAS, X509 and Remember-Me authentication mechanisms now publish an InteractiveAuthenticationSuccessEvent (see http://opensource.atlassian.com/projects/spring/browse/SEC-5)</action>
<action dev="benalex" type="update">FilterSecurityInterceptor now has an observeOncePerRequest boolean property, allowing multiple fragments of the HTTP request to be individually authorized (see http://opensource.atlassian.com/projects/spring/browse/SEC-14)</action>
<action dev="benalex" type="update">AnonymousProcessingFilter cleans up the Authentication object, avoiding HttpSession creation overhead</action>
</release>
<release version="0.8.3" date="2005-05-12">
<action dev="benalex" type="fix">HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>