Fixed SEC-395

core/src/main/java/org/acegisecurity/ui/session/HttpSessionEventPublisher.java

@@ -45,9 +45,6 @@ public class HttpSessionEventPublisher implements HttpSessionListener, ServletCo
 
     //~ Instance fields ================================================================================================
 
-    private ApplicationContext appContext;
-    private ServletContext servletContext = null;
-
     //~ Methods ========================================================================================================
 
     /**
@@ -67,21 +64,10 @@ public class HttpSessionEventPublisher implements HttpSessionListener, ServletCo
         if (log.isDebugEnabled()) {
             log.debug("Received ServletContextEvent: " + event);
         }
-
-        appContext = WebApplicationContextUtils.getWebApplicationContext(event.getServletContext());
-
-        if (appContext == null) {
-            log.warn("Web application context is null. Will delay initialization until it's first used.");
-            servletContext = event.getServletContext();
-        }
     }
 
-    ApplicationContext getContext() {
-        if (appContext == null) {
-            appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
-        }
-
-        return appContext;
+    ApplicationContext getContext(ServletContext servletContext) {
+        return WebApplicationContextUtils.getWebApplicationContext(servletContext);
     }
 
     /**
@@ -97,7 +83,7 @@ public class HttpSessionEventPublisher implements HttpSessionListener, ServletCo
             log.debug("Publishing event: " + e);
         }
 
-        getContext().publishEvent(e);
+        getContext(event.getSession().getServletContext()).publishEvent(e);
     }
 
     /**
@@ -113,6 +99,6 @@ public class HttpSessionEventPublisher implements HttpSessionListener, ServletCo
             log.debug("Publishing event: " + e);
         }
 
-        getContext().publishEvent(e);
+        getContext(event.getSession().getServletContext()).publishEvent(e);
     }
 }

core/src/test/java/org/acegisecurity/ui/session/HttpSessionEventPublisherTests.java

@@ -46,16 +46,6 @@ public class HttpSessionEventPublisherTests extends TestCase {
         context.setServletContext(servletContext);
     }
 
-    public void testGetContextThrowsExceptionIfContextNotSet() {
-        HttpSessionEventPublisher publisher = new HttpSessionEventPublisher();
-        publisher.contextInitialized(new ServletContextEvent(new MockServletContext()));
-
-        try {
-            publisher.getContext();
-            fail("IllegalStateException expected when no context set");
-        } catch (IllegalStateException expected) {}
-    }
-
     /**
      * It's not that complicated so we'll just run it straight through here.
      */
@@ -73,10 +63,11 @@ public class HttpSessionEventPublisherTests extends TestCase {
 
         publisher.contextInitialized(new ServletContextEvent(servletContext));
 
-        MockHttpSession session = new MockHttpSession();
+        MockHttpSession session = new MockHttpSession(servletContext);
         TestListener listener = (TestListener) context.getBean("listener");
 
         HttpSessionEvent event = new HttpSessionEvent(session);
+        
         publisher.sessionCreated(event);
 
         assertNotNull(listener.getCreatedEvent());