From a15691d9d7099820e07303270bf25e3cc329eff9 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Wed, 22 Jun 2005 07:03:53 +0000
Subject: [PATCH] Silently catch NotSerializableException in
 AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph
 Dane for reporting this bug).

---
 .../acegisecurity/ui/AbstractProcessingFilter.java  | 13 ++++++++++---
 doc/xdocs/changes.xml                               |  5 +++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
index 0fad9bf684..82445d37b9 100644
--- a/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java
@@ -33,7 +33,12 @@ import java.io.IOException;
 
 import java.util.Properties;
 
-import javax.servlet.*;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -419,8 +424,10 @@ public abstract class AbstractProcessingFilter implements Filter,
             logger.debug("Authentication request failed: " + failed.toString());
         }
 
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
-            failed);
+        try {
+            request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+                failed);
+        } catch (Exception ignored) {}
 
         onUnsuccessfulAuthentication(request, response);
 
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index 9b08df8a6e..2c7a89a5eb 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -36,8 +36,9 @@
       <action dev="benalex" type="fix">AbstractAuthenticationToken.getName() now returns username alone if UserDetails present</action>
       <action dev="raykrueger" type="update">AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name</action>
       <action dev="benalex" type="update">JavaDoc improvements</action>
-      <action dev="benalex" type="fix">Correct synchronization issue with FilterToBeanProxy initialization (as per developer list discussion)</action>
-      <action dev="benalex" type="update">Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion)</action>
+      <action dev="benalex" type="fix">Correct synchronization issue with FilterToBeanProxy initialization</action>
+      <action dev="benalex" type="update">Refactor Authentication.isAuthenticated() handling to be more performance</action>
+      <action dev="benalex" type="fix">Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable</action>
     </release>
     <release version="0.8.2" date="2005-04-20">
       <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>