From d8a56d4e60f2f902c94bb9cf58984374be0bb571 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Thu, 27 Apr 2006 23:11:56 +0000
Subject: [PATCH] SEEC-255: Always create HttpSession before calling
 AuthenticationDetailsSource.

---
 .../ui/webapp/AuthenticationProcessingFilter.java           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
index 7bf283c11a..e6f1e2d655 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
@@ -72,13 +72,13 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,
                 password);
 
-        // Allow subclasses to set the "details" property
-        setDetails(request, authRequest);
-
         // Place the last username attempted into HttpSession for views
         request.getSession()
                .setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
 
+        // Allow subclasses to set the "details" property
+        setDetails(request, authRequest);
+
         return this.getAuthenticationManager().authenticate(authRequest);
     }