SEC-218: Fix authentication exception cleanup of SecurityContextHolder.

20 years ago · 57aee4e605
1 changed files with 19 additions and 19 deletions
--- a/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
@ -129,6 +129,25 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
				@@ -129,6 +129,25 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                // Attempt authenticaton via AuthenticationManager
                try {
                    authenticationManager.authenticate(rememberMeAuth);
+                    
+                    // Store to SecurityContextHolder
+                    SecurityContextHolder.getContext()
+                                         .setAuthentication(rememberMeAuth);
+
+                    if (logger.isDebugEnabled()) {
+                        logger.debug(
+                            "SecurityContextHolder populated with remember-me token: '"
+                            + SecurityContextHolder.getContext().getAuthentication()
+                            + "'");
+                    }
+
+                    // Fire event
+                    if (this.eventPublisher != null) {
+                        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
+                                SecurityContextHolder.getContext()
+                                                     .getAuthentication(),
+                                this.getClass()));
+                    }
                } catch (AuthenticationException authenticationException) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(
@ -139,27 +158,8 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
				@@ -139,27 +158,8 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                    }

                    rememberMeServices.loginFail(httpRequest, httpResponse);
-                    chain.doFilter(request, response);
                }

-                // Store to SecurityContextHolder
-                SecurityContextHolder.getContext()
-                                     .setAuthentication(rememberMeAuth);
-
-                if (logger.isDebugEnabled()) {
-                    logger.debug(
-                        "SecurityContextHolder populated with remember-me token: '"
-                        + SecurityContextHolder.getContext().getAuthentication()
-                        + "'");
-                }
-
-                // Fire event
-                if (this.eventPublisher != null) {
-                    eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-                            SecurityContextHolder.getContext()
-                                                 .getAuthentication(),
-                            this.getClass()));
-                }
            }

            chain.doFilter(request, response);