From cbe53e21b92a5e2b2848c035c8d0db978fe815e5 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Thu, 10 Feb 2005 07:15:20 +0000 Subject: [PATCH] HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily. --- .../ui/webapp/HttpSessionIntegrationFilter.java | 6 +++--- .../test/java/org/acegisecurity/MockHttpServletRequest.java | 4 ++-- doc/xdocs/changes.xml | 1 + 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java index bb8673472f..e20369c650 100644 --- a/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java +++ b/core/src/main/java/org/acegisecurity/ui/webapp/HttpSessionIntegrationFilter.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -94,7 +94,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter { Authentication authentication) { if (request instanceof HttpServletRequest && ((HttpServletRequest) request).isRequestedSessionIdValid()) { - HttpSession httpSession = ((HttpServletRequest) request).getSession(); + HttpSession httpSession = ((HttpServletRequest) request).getSession(false); if (httpSession != null) { httpSession.setAttribute(ACEGI_SECURITY_AUTHENTICATION_KEY, @@ -109,7 +109,7 @@ public class HttpSessionIntegrationFilter extends AbstractIntegrationFilter { HttpSession httpSession = null; try { - httpSession = ((HttpServletRequest) request).getSession(); + httpSession = ((HttpServletRequest) request).getSession(false); } catch (IllegalStateException ignored) {} if (httpSession != null) { diff --git a/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java b/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java index 74d4e6a75f..d1b168e16d 100644 --- a/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java +++ b/core/src/test/java/org/acegisecurity/MockHttpServletRequest.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -314,7 +314,7 @@ public class MockHttpServletRequest implements HttpServletRequest { } public HttpSession getSession(boolean arg0) { - throw new UnsupportedOperationException("mock method not implemented"); + return this.session; } public HttpSession getSession() { diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml index fcc3541a9e..8a9439cc9d 100644 --- a/doc/xdocs/changes.xml +++ b/doc/xdocs/changes.xml @@ -32,6 +32,7 @@ Improved Tapestry support in AbstractProcessingFilter User now accepted blank passwords (null passwords still rejected) ContextHolderAwareRequestWrapper now provides a getUserPrincipal() method + HttpSessionIntegrationFilter no longer creates a HttpSession unnecessarily Contacts sample web.xml no longer expect Log4j to be in classpath JaasAuthenticatinProvider now uses System.property "java.security.auth.login.config" JaasAuthenticationCallbackHandler Authentication is passed to handle method setAuthenticatoin removed