|
|
|
@ -188,16 +188,8 @@ public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter im |
|
|
|
return; |
|
|
|
return; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
HttpSession httpSession = null; |
|
|
|
HttpSession httpSession = safeGetSession(request, forceEagerSessionCreation); |
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
httpSession = request.getSession(forceEagerSessionCreation); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (IllegalStateException ignored) { |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
boolean httpSessionExistedAtStartOfRequest = httpSession != null; |
|
|
|
boolean httpSessionExistedAtStartOfRequest = httpSession != null; |
|
|
|
|
|
|
|
|
|
|
|
SecurityContext contextBeforeChainExecution = readSecurityContextFromSession(httpSession); |
|
|
|
SecurityContext contextBeforeChainExecution = readSecurityContextFromSession(httpSession); |
|
|
|
|
|
|
|
|
|
|
|
// Make the HttpSession null, as we don't want to keep a reference to it lying
|
|
|
|
// Make the HttpSession null, as we don't want to keep a reference to it lying
|
|
|
|
@ -346,13 +338,7 @@ public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter im |
|
|
|
HttpServletRequest request, |
|
|
|
HttpServletRequest request, |
|
|
|
boolean httpSessionExistedAtStartOfRequest, |
|
|
|
boolean httpSessionExistedAtStartOfRequest, |
|
|
|
int contextHashBeforeChainExecution) { |
|
|
|
int contextHashBeforeChainExecution) { |
|
|
|
HttpSession httpSession = null; |
|
|
|
HttpSession httpSession = safeGetSession(request, false); |
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
httpSession = request.getSession(false); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (IllegalStateException ignored) { |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (httpSession == null) { |
|
|
|
if (httpSession == null) { |
|
|
|
if (httpSessionExistedAtStartOfRequest) { |
|
|
|
if (httpSessionExistedAtStartOfRequest) { |
|
|
|
@ -375,11 +361,8 @@ public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter im |
|
|
|
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default"); |
|
|
|
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
httpSession = safeGetSession(request, true); |
|
|
|
httpSession = request.getSession(true); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (IllegalStateException ignored) { |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
if (logger.isDebugEnabled()) { |
|
|
|
if (logger.isDebugEnabled()) { |
|
|
|
logger.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' " |
|
|
|
logger.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' " |
|
|
|
@ -400,6 +383,15 @@ public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter im |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private HttpSession safeGetSession(HttpServletRequest request, boolean allowCreate) { |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
return request.getSession(allowCreate); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (IllegalStateException ignored) { |
|
|
|
|
|
|
|
return null; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public SecurityContext generateNewContext() throws ServletException { |
|
|
|
public SecurityContext generateNewContext() throws ServletException { |
|
|
|
try { |
|
|
|
try { |
|
|
|
|
Luke Taylor
18 years ago