From fa63d8ecfb7f8efdac8caa56d778d06e0cb8bdb7 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 28 Aug 2007 21:25:17 +0000
Subject: [PATCH] SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()
---
 .../HttpSessionContextIntegrationFilter.java | 61 ++++++++++---------
 1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java b/core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
index c8412df1be..f7d939dfc9 100644
--- a/core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
+++ b/core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
@@ -331,45 +331,46 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
 boolean httpSessionExistedAtStartOfRequest, int contextWhenChainProceeded) {
 HttpSession httpSession = null;
+
 try {
 httpSession = ((HttpServletRequest) request).getSession(false);
 }
 catch (IllegalStateException ignored) {
 }
- if ((httpSession == null) && httpSessionExistedAtStartOfRequest) {
- if (logger.isDebugEnabled()) {
- logger.debug("HttpSession is now null, but was not null at start of request; "
- + "session was invalidated, so do not create a new session");
- }
- }
-
- // Generate a HttpSession only if we need to
- if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
- if (!allowSessionCreation) {
+ if (httpSession == null) {
+ if (httpSessionExistedAtStartOfRequest) {
 if (logger.isDebugEnabled()) {
- logger
- .debug("The HttpSession is currently null, and the "
- + "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
- + "(because the allowSessionCreation property is false) - SecurityContext thus not "
- + "stored for next request");
- }
- } else if (!contextObject.equals(SecurityContextHolder.getContext())) {
- if (logger.isDebugEnabled()) {
- logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
- }
-
- try {
- httpSession = ((HttpServletRequest) request).getSession(true);
- }
- catch (IllegalStateException ignored) {
+ logger.debug("HttpSession is now null, but was not null at start of request; "
+ + "session was invalidated, so do not create a new session");
 }
 } else {
- if (logger.isDebugEnabled()) {
- logger
- .debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
- + SecurityContextHolder.getContext()
- + "'; not creating HttpSession or storing SecurityContextHolder contents");
+ // Generate a HttpSession only if we need to
+
+ if (!allowSessionCreation) {
+ if (logger.isDebugEnabled()) {
+ logger
+ .debug("The HttpSession is currently null, and the "
+ + "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ + "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ + "stored for next request");
+ }
+ } else if (!contextObject.equals(SecurityContextHolder.getContext())) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
+ }
+
+ try {
+ httpSession = ((HttpServletRequest) request).getSession(true);
+ }
+ catch (IllegalStateException ignored) {
+ }
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ + SecurityContextHolder.getContext()
+ + "'; not creating HttpSession or storing SecurityContextHolder contents");
+ }
 }
 }
 }
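Review bot: The empty `catch (IllegalStateException ignored) { }` around `getSession(true)` in the `else if (!contextObject.equals(SecurityContextHolder.getContext()))` branch still discards a non-default SecurityContext without any trace when the session cannot be created; the refactor carries this over unchanged. This is the one branch where there is authentication state to persist, so the failure should at least be logged, for example `catch (IllegalStateException e) { logger.warn("Could not create HttpSession; SecurityContext not stored for next request", e); }`. The cause is presumably a response that has already been committed, which is worth confirming before settling on the message wording. The method begins before this hunk and continues after it, so whether the later code copes with a still-null `httpSession` cannot be seen from here.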