From c8e81bd4255f644d0fa71ae88b427441a4ab6f56 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Thu, 9 Feb 2006 00:12:56 +0000
Subject: [PATCH] SEC-159: Comment about use of
 SecurityContextHolder.clearContext().

---
 doc/xdocs/upgrade/upgrade-090-100.html | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/xdocs/upgrade/upgrade-090-100.html b/doc/xdocs/upgrade/upgrade-090-100.html
index 8de426546c..cca06fe979 100644
--- a/doc/xdocs/upgrade/upgrade-090-100.html
+++ b/doc/xdocs/upgrade/upgrade-090-100.html
@@ -66,6 +66,15 @@ applications:
 	an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
 	</li>
 	
+	<li>
+	If you are directly using SecurityContextHolder.setContext(SecurityContext) - which is not
+	very common - please not that best practise is now to call SecurityContextHolder.clearContext()
+	if you wish to erase the contents of the SecurityContextHolder. Previously code such as
+	SecurityContextHolder.setContext(new SecurityContextImpl()) would have been used. The revised
+	method internally stores null, which helps avoids redeployment issue caused by the previous
+	approaches (see SEC-159 for further details).
+	</li>
+	
     </ul>
 
 </body>