HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily.

21 years ago · cbe53e21b9
3 changed files with 6 additions and 5 deletions
--- a/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -94,7 +94,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
				@@ -94,7 +94,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
        Authentication authentication) {
        if (request instanceof HttpServletRequest
            && ((HttpServletRequest) request).isRequestedSessionIdValid()) {
-            HttpSession httpSession = ((HttpServletRequest) request).getSession();
+            HttpSession httpSession = ((HttpServletRequest) request).getSession(false);

            if (httpSession != null) {
                httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY,
@ -109,7 +109,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
				@@ -109,7 +109,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter {
            HttpSession httpSession = null;

            try {
-                httpSession = ((HttpServletRequest) request).getSession();
+                httpSession = ((HttpServletRequest) request).getSession(false);
            } catch (IllegalStateException ignored) {}

            if (httpSession != null) {
--- a/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java
+++ b/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -314,7 +314,7 @@ public class MockHttpServletRequest implements HttpServletRequest {
				@@ -314,7 +314,7 @@ public class MockHttpServletRequest implements HttpServletRequest {
    }

    public HttpSession getSession(boolean arg0) {
-        throw new UnsupportedOperationException("mock method not implemented");
+        return this.session;
    }

    public HttpSession getSession() {
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@ -32,6 +32,7 @@
				@@ -32,6 +32,7 @@
      <action dev="benalex" type="update">Improved Tapestry support in AbstractProcessingFilter</action>
      <action dev="benalex" type="update">User now accepted blank passwords (null passwords still rejected)</action>
      <action dev="benalex" type="update">ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method</action>
+      <action dev="benalex" type="update">HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily</action>
      <action dev="benalex" type="fix">Contacts sample web.xml no longer expect Log4j to be in classpath</action>
      <action dev="raykrueger" type="update">JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config"</action>
      <action dev="raykrueger" type="update">JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthenticatoin removed</action>