
SEC-2156: Only configures COOKIE instead of SSL

Configuring SSL is only allowed for SSL enabled applications and should
be configured on its own (not in conjunction with other modes).
Rob Winch hai 12 anos

+ 4 - 9
web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java

@@ -212,19 +212,15 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
     }
 
     /**
-     * Determines how a session should be tracked. By default, the following
-     * modes are used:
-     *
-     * <ul>
-     * <li> {@link SessionTrackingMode#COOKIE}</li>
-     * <li> {@link SessionTrackingMode#SSL}</li>
-     * </ul>
+     * Determines how a session should be tracked. By default,
+     * {@link SessionTrackingMode#COOKIE} is used.
      *
      * <p>
      * Note that {@link SessionTrackingMode#URL} is intentionally omitted to
      * help protected against <a
      * href="http://en.wikipedia.org/wiki/Session_fixation">session fixation
-     * attacks</a>.
+     * attacks</a>. {@link SessionTrackingMode#SSL} is omitted because SSL
+     * configuration is required for this to work.
      * </p>
      *
      * <p>
@@ -236,7 +232,6 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
     protected Set<SessionTrackingMode> getSessionTrackingModes() {
         Set<SessionTrackingMode> modes = new HashSet<SessionTrackingMode>();
         modes.add(SessionTrackingMode.COOKIE);
-        modes.add(SessionTrackingMode.SSL);
         return modes;
     }
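Review bot: The new Javadoc sentence `{@link SessionTrackingMode#SSL} is omitted because SSL configuration is required for this to work` leaves out the constraint the commit message itself states, which is exactly what a subclass overriding this method needs to know. Suggest: `{@link SessionTrackingMode#SSL} is omitted because it requires an SSL-enabled application and must be configured on its own; subclasses that need it should override this method to return SSL as the only mode (see the container's setSessionTrackingModes contract).` In the second hunk, returning `EnumSet.of(SessionTrackingMode.COOKIE)` from getSessionTrackingModes would express the single-mode default more directly than a HashSet, though that is only a style point. The enclosing class continues outside both hunks.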
 

+ 3 - 3
web/src/test/groovy/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializerTests.groovy

@@ -248,7 +248,7 @@ class AbstractSecurityWebApplicationInitializerTests extends Specification {
             new AbstractSecurityWebApplicationInitializer(){ }.onStartup(context)
         then:
             1 * context.addFilter("springSecurityFilterChain", {DelegatingFilterProxy f -> f.targetBeanName == "springSecurityFilterChain" && f.contextAttribute == null}) >> registration
-            1 * context.setSessionTrackingModes({Set<SessionTrackingMode> modes -> modes.size() == 2 && modes.containsAll([SessionTrackingMode.COOKIE, SessionTrackingMode.SSL]) })
+            1 * context.setSessionTrackingModes({Set<SessionTrackingMode> modes -> modes.size() == 1 && modes.containsAll([SessionTrackingMode.COOKIE]) })
     }
 
     def "sessionTrackingModes override"() {
@@ -259,12 +259,12 @@ class AbstractSecurityWebApplicationInitializerTests extends Specification {
             new AbstractSecurityWebApplicationInitializer(){
                 @Override
                 public Set<SessionTrackingMode> getSessionTrackingModes() {
-                    return [SessionTrackingMode.COOKIE]
+                    return [SessionTrackingMode.SSL]
                 }
             }.onStartup(context)
         then:
             1 * context.addFilter("springSecurityFilterChain", {DelegatingFilterProxy f -> f.targetBeanName == "springSecurityFilterChain" && f.contextAttribute == null}) >> registration
-            1 * context.setSessionTrackingModes({Set<SessionTrackingMode> modes -> modes.size() == 1 && modes.containsAll([SessionTrackingMode.COOKIE]) })
+            1 * context.setSessionTrackingModes({Set<SessionTrackingMode> modes -> modes.size() == 1 && modes.containsAll([SessionTrackingMode.SSL]) })
     }
 
     def "appendFilters filters with null"() {
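Review bot: The updated interaction in the first hunk checks `modes.size() == 1 && modes.containsAll([SessionTrackingMode.COOKIE])`, which is an indirect way to say the set is exactly COOKIE. `modes == [SessionTrackingMode.COOKIE] as Set` (and `[SessionTrackingMode.SSL] as Set` in the override test) states the expectation directly and reads as a single equality rather than two conditions. This is a style point only; the assertions are correct as written.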