SEC-218: Fix authentication exception cleanup of SecurityContextHolder.

2006-04-26 01:28:06 +00:00 · 2006-04-26 01:28:06 +00:00 · 57aee4e605
parent 8cff715599
commit 57aee4e605
1 changed files with 19 additions and 19 deletions
--- a/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
@ -129,6 +129,25 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                // Attempt authenticaton via AuthenticationManager
                try {
                    authenticationManager.authenticate(rememberMeAuth);
                    // Store to SecurityContextHolder
                    SecurityContextHolder.getContext()
                                         .setAuthentication(rememberMeAuth);
                    if (logger.isDebugEnabled()) {
                        logger.debug(
                            "SecurityContextHolder populated with remember-me token: '"
                            + SecurityContextHolder.getContext().getAuthentication()
                            + "'");
                    }
                    // Fire event
                    if (this.eventPublisher != null) {
                        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
                                SecurityContextHolder.getContext()
                                                     .getAuthentication(),
                                this.getClass()));
                    }
                } catch (AuthenticationException authenticationException) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(
@ -139,27 +158,8 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
                    }
                    rememberMeServices.loginFail(httpRequest, httpResponse);
                    chain.doFilter(request, response);
                }
                // Store to SecurityContextHolder
                SecurityContextHolder.getContext()
                                     .setAuthentication(rememberMeAuth);
                if (logger.isDebugEnabled()) {
                    logger.debug(
                        "SecurityContextHolder populated with remember-me token: '"
                        + SecurityContextHolder.getContext().getAuthentication()
                        + "'");
                }
                // Fire event
                if (this.eventPublisher != null) {
                    eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
                            SecurityContextHolder.getContext()
                                                 .getAuthentication(),
                            this.getClass()));
                }
            }
            chain.doFilter(request, response);