首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

SEC-2107: Fix Javadoc on methods of AbstractAuthenticationProcessingFilter

Both overloads of
AbstractAuthenticationProcessingFilter.successfulAuthentication()
claimed to invoke SessionAuthenticationStrategy, which is not true, as
the invokation happens earlier in doFilter(). The Javadoc on these
methods are updated to reflect the actual code.
Balazs Zagyvai 12 年之前
父节点
7edb1089a8
当前提交
73ea8b5c05
共有 1 个文件被更改,包括 2 次插入5 次删除
分列视图 显示文件统计
  1. 2 5
      web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java

+ 2 - 5
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
查看文件 

@@ -161,7 +161,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
      * to perform the authentication. There are then three possible outcomes:
 
      * <ol>
 
      * <li>An <tt>Authentication</tt> object is returned.
 
-     * The configured {link SessionAuthenticationStrategy} will be invoked followed by the
 
+     * The configured {@link SessionAuthenticationStrategy} will be invoked (to handle any session-related behaviour
 
+     * such as creating a new session to protect against session-fixation attacks) followed by the invocation of
 
      * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)
 
      * successfulAuthentication} method</li>
 
      * <li>An <tt>AuthenticationException</tt> occurs during authentication.
 
@@ -273,8 +274,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
      * Default behaviour for successful authentication.
 
      * <ol>
 
      * <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
 
-     * <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
 
-     * (such as creating a new session to protect against session-fixation attacks).</li>
 
      * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
 
      * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
 
      * <tt>ApplicationEventPublisher</tt></li>
 
@@ -298,8 +297,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
 
      * Default behaviour for successful authentication.
 
      * <ol>
 
      * <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
 
-     * <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
 
-     * (such as creating a new session to protect against session-fixation attacks).</li>
 
      * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
 
      * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
 
      * <tt>ApplicationEventPublisher</tt></li>