
SEC-305: Retain SecurityContext when rendering error pages.

1.0.x
Ben Alex 19 years ago
parent
commit
0736f4ffa0
  1. 8
      core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
  2. 1
      core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java

8
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java

@ -102,7 +102,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi @@ -102,7 +102,7 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
private static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
@ -192,12 +192,14 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi @@ -192,12 +192,14 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
boolean filterApplied = false;
if ((request != null) && (request.getAttribute(FILTER_APPLIED) != null)) {
// ensure that filter is only applied once per request
chain.doFilter(request, response);
}
else {
if (request != null) {
filterApplied = true;
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
@ -351,6 +353,10 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi @@ -351,6 +353,10 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
}
}
if (filterApplied) {
request.removeAttribute(FILTER_APPLIED);
}
// Remove SecurityContextHolder contents
SecurityContextHolder.clearContext();
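Review bot: In the last hunk of doFilter the new `request.removeAttribute(FILTER_APPLIED)` runs before `SecurityContextHolder.clearContext()`, so an exception from a wrapped request's removeAttribute would skip the clear. With a thread-bound holder, the authenticated context could then still be attached to the container thread when it serves another request. Putting the security-critical step first keeps it unconditional: `SecurityContextHolder.clearContext();` followed by `if (filterApplied) { request.removeAttribute(FILTER_APPLIED); }`. The guard also deserves a comment, for example `// only the invocation that set the marker removes it: nested dispatches still skip the filter, a later error-page dispatch re-runs it`. The enclosing block starts outside this hunk, so that this cleanup sits in a finally is inferred from the test change rather than visible here.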

1
core/src/test/java/org/acegisecurity/context/HttpSessionContextIntegrationFilterTests.java

@ -139,6 +139,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase { @@ -139,6 +139,7 @@ public class HttpSessionContextIntegrationFilterTests extends TestCase {
// Check the SecurityContextHolder is null, even though an exception was thrown during chain
assertEquals(new SecurityContextImpl(), SecurityContextHolder.getContext());
assertNull("Should have cleared FILTER_APPLIED", request.getAttribute(HttpSessionContextIntegrationFilter.FILTER_APPLIED));
}
public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession()
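Review bot: The added `assertNull("Should have cleared FILTER_APPLIED", ...)` checks the marker only on the path where the chain throws, which does not pin the behaviour SEC-305 is about. A second test could call doFilter twice on the same request object, the way a container does for an error-page dispatch, and assert that the second pass sees the SecurityContext from the session. It would also be worth one case where FILTER_APPLIED is already set on entry, asserting the attribute is still present afterwards, so that a nested dispatch cannot strip the marker from the outer invocation. The test method containing this assertion starts outside the hunk, and such cases may already exist elsewhere in the file.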
