Fix Tomcat compatibility issue where HttpSession unavailable during "logoff". Thanks to Aaron Tang.

21 years ago · 89ba20f057
2 changed files with 3 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java
@ -92,7 +92,8 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
				@@ -92,7 +92,8 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {

    public void commitToContainer(ServletRequest request,
        Authentication authentication) {
-        if (request instanceof HttpServletRequest) {
+        if (request instanceof HttpServletRequest
+            && ((HttpServletRequest) request).isRequestedSessionIdValid()) {
            HttpSession httpSession = ((HttpServletRequest) request).getSession();

            if (httpSession != null) {
--- a/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java
+++ b/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java
@ -270,7 +270,7 @@ public class MockHttpServletRequest implements HttpServletRequest {
				@@ -270,7 +270,7 @@ public class MockHttpServletRequest implements HttpServletRequest {
    }

    public boolean isRequestedSessionIdValid() {
-        throw new UnsupportedOperationException("mock method not implemented");
+        return true;
    }

    public void setScheme(String scheme) {