
SEC-2107: Fix Javadoc on methods of AbstractAuthenticationProcessingFilter

Both overloads of
AbstractAuthenticationProcessingFilter.successfulAuthentication()
claimed to invoke SessionAuthenticationStrategy, which is not true, as
the invocation happens earlier in doFilter(). The Javadoc on these
methods is updated to reflect the actual code.
Balazs Zagyvai, 12 years ago
parent
commit
73ea8b5c05
1 changed file with 2 additions and 5 deletions

+ 2 - 5
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java

@@ -161,7 +161,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
      * to perform the authentication. There are then three possible outcomes:
      * <ol>
      * <li>An <tt>Authentication</tt> object is returned.
-     * The configured {link SessionAuthenticationStrategy} will be invoked followed by the
+     * The configured {@link SessionAuthenticationStrategy} will be invoked (to handle any session-related behaviour
+     * such as creating a new session to protect against session-fixation attacks) followed by the invocation of
      * {@link #successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)
      * successfulAuthentication} method</li>
      * <li>An <tt>AuthenticationException</tt> occurs during authentication.
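Review bot: The reworded sentence loses its article. The removed line ended with "followed by the" and the new text ends with "followed by the invocation of", so the rendered Javadoc reads "the invocation of successfulAuthentication method". Suggest "followed by the invocation of the {@link #successfulAuthentication(...) successfulAuthentication} method". The `{link` to `{@link` correction is right and makes the SessionAuthenticationStrategy reference resolve. Since this is now the only place that documents the session-fixation handling, it would also help to say explicitly that the strategy runs before successfulAuthentication is called, so the ordering is unambiguous to anyone overriding either step.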
@@ -273,8 +274,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
      * Default behaviour for successful authentication.
      * <ol>
      * <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
-     * <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
-     * (such as creating a new session to protect against session-fixation attacks).</li>
      * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
      * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
      * <tt>ApplicationEventPublisher</tt></li>
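Review bot: After the list item is dropped, the Javadoc of successfulAuthentication no longer mentions session handling at all, so a reader who overrides this method or reads it in isolation cannot tell whether session-fixation protection has been applied. Suggest adding one sentence above the list stating that the configured SessionAuthenticationStrategy has already been invoked in doFilter() by the time this method runs, as the commit message says. That keeps the description accurate without leaving the security-relevant step undocumented at this level.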
@@ -298,8 +297,6 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
      * Default behaviour for successful authentication.
      * <ol>
      * <li>Sets the successful <tt>Authentication</tt> object on the {@link SecurityContextHolder}</li>
-     * <li>Invokes the configured {@link SessionAuthenticationStrategy} to handle any session-related behaviour
-     * (such as creating a new session to protect against session-fixation attacks).</li>
      * <li>Informs the configured <tt>RememberMeServices</tt> of the successful login</li>
      * <li>Fires an {@link InteractiveAuthenticationSuccessEvent} via the configured
      * <tt>ApplicationEventPublisher</tt></li>
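Review bot: This overload carries the same list as the one at line 274, and the same inaccurate item had to be removed from both. Consider having one overload's Javadoc refer to the other with a {@link} or @see instead of repeating the list, so the two descriptions cannot drift apart again. The note that SessionAuthenticationStrategy is invoked earlier in doFilter() applies here as well and is worth stating once in whichever overload keeps the full text.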