GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-539: Refactored if (httpSession == null) block in storeSecurityContextInSession()

1.0.x
Luke Taylor 19 years ago
parent
ce3eb599ed
commit
fa63d8ecfb
1 changed files with 31 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 61
      core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java

61
core/src/main/java/org/acegisecurity/context/HttpSessionContextIntegrationFilter.java
Unescape View File

@ -331,45 +331,46 @@ public class HttpSessionContextIntegrationFilter implements InitializingBean, Fi
boolean httpSessionExistedAtStartOfRequest, boolean httpSessionExistedAtStartOfRequest,
int contextWhenChainProceeded) { int contextWhenChainProceeded) {
HttpSession httpSession = null; HttpSession httpSession = null;
try { try {
httpSession = ((HttpServletRequest) request).getSession(false); httpSession = ((HttpServletRequest) request).getSession(false);
} }
catch (IllegalStateException ignored) { catch (IllegalStateException ignored) {
} }
if ((httpSession == null) && httpSessionExistedAtStartOfRequest) { if (httpSession == null) {
if (logger.isDebugEnabled()) { if (httpSessionExistedAtStartOfRequest) {
logger.debug("HttpSession is now null, but was not null at start of request; "
+ "session was invalidated, so do not create a new session");
}
}
// Generate a HttpSession only if we need to
if ((httpSession == null) && !httpSessionExistedAtStartOfRequest) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default"); logger.debug("HttpSession is now null, but was not null at start of request; "
} + "session was invalidated, so do not create a new session");
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
} }
} else { } else {
if (logger.isDebugEnabled()) { // Generate a HttpSession only if we need to
logger
.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' " if (!allowSessionCreation) {
+ SecurityContextHolder.getContext() if (logger.isDebugEnabled()) {
+ "'; not creating HttpSession or storing SecurityContextHolder contents"); logger
.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}
} else if (!contextObject.equals(SecurityContextHolder.getContext())) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
}
try {
httpSession = ((HttpServletRequest) request).getSession(true);
}
catch (IllegalStateException ignored) {
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession is null, but SecurityContextHolder has not changed from default: ' "
+ SecurityContextHolder.getContext()
+ "'; not creating HttpSession or storing SecurityContextHolder contents");
}
} }
} }
} }

Write Preview
Loading…
Cancel
Save