root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity

SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.

This commit is contained in:
Ben Alex 2006-09-15 03:36:51 +00:00
parent 53beadb7bf
commit 5364db2c27
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
View File

@ -145,10 +145,15 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
try { try {
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} catch (AuthenticationException exception) { } catch (AuthenticationException exception) {
// There was a problem, so try again after checking we're using latest data if(cacheWasUsed) {
cacheWasUsed = false; // There was a problem, so try again after checking
user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); // we're using latest data (ie not from the cache)
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); cacheWasUsed = false;
user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} else {
throw exception;
}
} }
if (!user.isCredentialsNonExpired()) { if (!user.isCredentialsNonExpired()) {