root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

SEC-218: Fix authentication exception cleanup of SecurityContextHolder.

This commit is contained in:
Ben Alex 2006-04-26 01:28:06 +00:00
parent 8cff715599
commit 57aee4e605
1 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
core/src/main/java/org/acegisecurity/ui/rememberme/RememberMeProcessingFilter.java
View File

@ -129,18 +129,6 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
// Attempt authenticaton via AuthenticationManager
try {
authenticationManager.authenticate(rememberMeAuth);
} catch (AuthenticationException authenticationException) {
if (logger.isDebugEnabled()) {
logger.debug(
"SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: '"
+ rememberMeAuth
+ "'; invalidating remember-me token",
authenticationException);
}
rememberMeServices.loginFail(httpRequest, httpResponse);
chain.doFilter(request, response);
}
// Store to SecurityContextHolder
SecurityContextHolder.getContext()
@ -160,6 +148,18 @@ public class RememberMeProcessingFilter implements Filter, InitializingBean,
.getAuthentication(),
this.getClass()));
}
} catch (AuthenticationException authenticationException) {
if (logger.isDebugEnabled()) {
logger.debug(
"SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: '"
+ rememberMeAuth
+ "'; invalidating remember-me token",
authenticationException);
}
rememberMeServices.loginFail(httpRequest, httpResponse);
}
}
chain.doFilter(request, response);