From 57aee4e6056238af65ef51a52bbbe72ca4e2cb83 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Wed, 26 Apr 2006 01:28:06 +0000
Subject: [PATCH] SEC-218: Fix authentication exception cleanup of
 SecurityContextHolder.

---
 .../RememberMeProcessingFilter.java           | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
index 6fdb7f06fa..265629d3b4 100644
--- a/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
@@ -129,6 +129,25 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                 // Attempt authenticaton via AuthenticationManager
                 try {
                     authenticationManager.authenticate(rememberMeAuth);
+                    
+                    // Store to SecurityContextHolder
+                    SecurityContextHolder.getContext()
+                                         .setAuthentication(rememberMeAuth);
+
+                    if (logger.isDebugEnabled()) {
+                        logger.debug(
+                            "SecurityContextHolder populated with remember-me token: '"
+                            + SecurityContextHolder.getContext().getAuthentication()
+                            + "'");
+                    }
+
+                    // Fire event
+                    if (this.eventPublisher != null) {
+                        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
+                                SecurityContextHolder.getContext()
+                                                     .getAuthentication(),
+                                this.getClass()));
+                    }
                 } catch (AuthenticationException authenticationException) {
                     if (logger.isDebugEnabled()) {
                         logger.debug(
@@ -139,27 +158,8 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                     }
 
                     rememberMeServices.loginFail(httpRequest, httpResponse);
-                    chain.doFilter(request, response);
                 }
 
-                // Store to SecurityContextHolder
-                SecurityContextHolder.getContext()
-                                     .setAuthentication(rememberMeAuth);
-
-                if (logger.isDebugEnabled()) {
-                    logger.debug(
-                        "SecurityContextHolder populated with remember-me token: '"
-                        + SecurityContextHolder.getContext().getAuthentication()
-                        + "'");
-                }
-
-                // Fire event
-                if (this.eventPublisher != null) {
-                    eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
-                            SecurityContextHolder.getContext()
-                                                 .getAuthentication(),
-                            this.getClass()));
-                }
             }
 
             chain.doFilter(request, response);