SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()

Luke Taylor 2007-08-28 21:25:17 +00:00
parent ce3eb599ed
commit fa63d8ecfb
1 changed files with 31 additions and 30 deletions


@ -331,45 +331,46 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
boolean httpSessionExistedAtStartOfRequest, boolean httpSessionExistedAtStartOfRequest,
int contextWhenChainProceeded) { int contextWhenChainProceeded) {
HttpSession httpSession = null; HttpSession httpSession = null;
try { try {
httpSession = ((HttpServletRequest) request).getSession(false); httpSession = ((HttpServletRequest) request).getSession(false);
} }
catch (IllegalStateException ignored) { catch (IllegalStateException ignored) {
} }
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) { if (httpSession == null) {
if (logger.isDebugEnabled()) { if (httpSessionExistedAtStartOfRequest) {
logger.debug("HttpSession is now null, but was not null at start of request; "
+ "session was invalidated, so do not create a new session");
}
}
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger logger.debug("HttpSession is now null, but was not null at start of request; "
.debug("The HttpSession is currently null, and the " + "session was invalidated, so do not create a new session");
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
} }
} else { } else {
if (logger.isDebugEnabled()) { // Generate a HttpSession only if we need to
logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' " if (!allowSessionCreation) {
+ SecurityContextHolder.getContext() if (logger.isDebugEnabled()) {
+ "'; not creating HttpSession or storing SecurityContextHolder contents"); logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
} }
} }
} }
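Review bot: The `catch (IllegalStateException ignored) { }` around `getSession(true)` in the restructured inner `else if` branch still discards the failure without a trace. When the container refuses to create a session (typically because the response has already been committed), the SecurityContext is not stored for the next request and nothing in the logs says why. Every other outcome in this block emits a message, so this one should too, for example `catch (IllegalStateException e) { logger.warn("Failed to create a session, as response has been committed. Unable to store SecurityContext."); }`. Separately, the final debug message concatenates `SecurityContextHolder.getContext()` into the log line; that branch is only reached when the context equals `contextObject`, presumably the empty default, but it is worth confirming that its `toString()` cannot put principal details into the log. The method starts above this hunk and whatever follows the closing braces is not shown.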