Startseite Erkunden Hilfe
Registrieren Anmelden
github
/
spring-security
Mirror von https://github.com/spring-projects/spring-security
2
0
Fork 0
Dateien Issues 0 Wiki
Quellcode durchsuchen

SEC-1211: Set the default AuthenticatedSessionStrategy to a null implementation to preserve existing behaviour.

Luke Taylor vor 16 Jahren
Ursprung
609a68b12a
Commit
5e285b3692
2 geänderte Dateien mit 22 neuen und 3 gelöschten Zeilen
Gesamtansicht Diff-Statistik anzeigen
  1. 3 3
      web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
  2. 19 0
      web/src/main/java/org/springframework/security/web/session/NullAuthenticatedSessionStrategy.java

+ 3 - 3
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
Datei anzeigen 

@@ -38,7 +38,7 @@ import org.springframework.security.core.SpringSecurityMessageSource;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import org.springframework.security.web.SpringSecurityFilter;
 
 import org.springframework.security.web.SpringSecurityFilter;
 
 import org.springframework.security.web.session.AuthenticatedSessionStrategy;
 
 import org.springframework.security.web.session.AuthenticatedSessionStrategy;
 
-import org.springframework.security.web.session.DefaultAuthenticatedSessionStrategy;
 
+import org.springframework.security.web.session.NullAuthenticatedSessionStrategy;
 
 import org.springframework.security.web.util.UrlUtils;
 
 import org.springframework.security.web.util.UrlUtils;
 
 import org.springframework.util.Assert;
 
 import org.springframework.util.Assert;
 
 
 
@@ -129,7 +129,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
 
 
 
     private boolean continueChainBeforeSuccessfulAuthentication = false;
 
     private boolean continueChainBeforeSuccessfulAuthentication = false;
 
 
 
-    private AuthenticatedSessionStrategy sessionStrategy = new DefaultAuthenticatedSessionStrategy();
 
+    private AuthenticatedSessionStrategy sessionStrategy = new NullAuthenticatedSessionStrategy();
 
 
 
     private boolean allowSessionCreation = true;
 
     private boolean allowSessionCreation = true;
 
 
 
@@ -393,7 +393,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends SpringSecur
 
      * successfully processed. Used, for example, to handle changing of the session identifier to prevent session
 
      * successfully processed. Used, for example, to handle changing of the session identifier to prevent session
 
      * fixation attacks.
 
      * fixation attacks.
 
      *
 
      *
 
-     * @param sessionStrategy the implementation to use. If not set a {@link DefaultAuthenticatedSessionStrategy} is
 
+     * @param sessionStrategy the implementation to use. If not set a null implementation is
 
      * used.
 
      * used.
 
      */
 
      */
 
     public void setAuthenticatedSessionStrategy(AuthenticatedSessionStrategy sessionStrategy) {
 
     public void setAuthenticatedSessionStrategy(AuthenticatedSessionStrategy sessionStrategy) {

+ 19 - 0
web/src/main/java/org/springframework/security/web/session/NullAuthenticatedSessionStrategy.java
Datei anzeigen 

@@ -0,0 +1,19 @@
 
+package org.springframework.security.web.session;
 
+
 
+import javax.servlet.http.HttpServletRequest;
 
+import javax.servlet.http.HttpServletResponse;
 
+
 
+import org.springframework.security.core.Authentication;
 
+
 
+/**
 
+ *
 
+ * @author Luke Taylor
 
+ * @version $Id$
 
+ * @since 3.0
 
+ */
 
+public final class NullAuthenticatedSessionStrategy implements AuthenticatedSessionStrategy {
 
+
 
+    public void onAuthenticationSuccess(Authentication authentication, HttpServletRequest request,
 
+            HttpServletResponse response) {
 
+    }
 
+}