Removed loggers from subclasses of SpringSecurityFilter in favour of using base class logger.

core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java

@@ -25,8 +25,6 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 import javax.servlet.http.HttpSession;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 import org.springframework.util.ReflectionUtils;
@@ -100,8 +98,6 @@ import org.springframework.security.ui.FilterChainOrder;
 public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter implements InitializingBean {
     //~ Static fields/initializers =====================================================================================
 
-    protected static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
-
     static final String FILTER_APPLIED = "__spring_security_session_integration_filter_applied";
 
     public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";

core/src/main/java/org/springframework/security/providers/anonymous/AnonymousProcessingFilter.java

@@ -23,14 +23,8 @@ import org.springframework.security.ui.AuthenticationDetailsSource;
 import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
-
 import org.springframework.security.userdetails.memory.UserAttribute;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
 
 import java.io.IOException;
@@ -49,9 +43,6 @@ import javax.servlet.http.HttpServletResponse;
  * @version $Id$
  */
 public class AnonymousProcessingFilter  extends SpringSecurityFilter  implements InitializingBean {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(AnonymousProcessingFilter.class);
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java

@@ -24,9 +24,6 @@ import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -50,9 +47,6 @@ import java.util.Collection;
  * @version $Id$
  */
 public class ChannelProcessingFilter extends SpringSecurityFilter implements InitializingBean {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(ChannelProcessingFilter.class);
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/springframework/security/ui/AbstractProcessingFilter.java

@@ -29,9 +29,6 @@ import org.springframework.security.ui.rememberme.NullRememberMeServices;
 import org.springframework.security.ui.rememberme.RememberMeServices;
 import org.springframework.security.ui.savedrequest.SavedRequest;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.context.ApplicationEventPublisher;
@@ -147,8 +144,6 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
 
     private AuthenticationManager authenticationManager;
 
-    protected final Log logger = LogFactory.getLog(this.getClass());
-
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
     private Properties exceptionMappings = new Properties();

core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java

@@ -27,10 +27,6 @@ import org.springframework.security.util.PortResolver;
 import org.springframework.security.util.PortResolverImpl;
 import org.springframework.security.util.ThrowableAnalyzer;
 import org.springframework.security.util.ThrowableCauseExtractor;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.util.Assert;
@@ -80,10 +76,6 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class ExceptionTranslationFilter extends SpringSecurityFilter implements InitializingBean {
 
-    //~ Static fields/initializers =====================================================================================
-
-	private static final Log logger = LogFactory.getLog(ExceptionTranslationFilter.class);
-
 	//~ Instance fields ================================================================================================
 
     private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();

core/src/main/java/org/springframework/security/ui/FilterChainOrder.java

@@ -24,6 +24,7 @@ public abstract class FilterChainOrder {
     public static final int CHANNEL_FILTER              = FILTER_CHAIN_FIRST;
     public static final int CONCURRENT_SESSION_FILTER   = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int HTTP_SESSION_CONTEXT_FILTER = FILTER_CHAIN_FIRST + INTERVAL * i++;
+    public static final int SESSION_FIXATION_FILTER     = FILTER_CHAIN_FIRST + INTERVAL * i++;    
     public static final int LOGOUT_FILTER               = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int X509_FILTER                 = FILTER_CHAIN_FIRST + INTERVAL * i++;
     public static final int PRE_AUTH_FILTER             = FILTER_CHAIN_FIRST + INTERVAL * i++;

core/src/main/java/org/springframework/security/ui/SpringSecurityFilter.java

@@ -1,5 +1,7 @@
 package org.springframework.security.ui;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.core.Ordered;
 
 
@@ -21,7 +23,8 @@ import java.io.IOException;
  * @version $Id$
  */
 public abstract class SpringSecurityFilter implements Filter, Ordered {
-
+    protected final Log logger = LogFactory.getLog(this.getClass());
+    
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      *

core/src/main/java/org/springframework/security/ui/basicauth/BasicProcessingFilter.java

@@ -23,8 +23,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
@@ -87,9 +85,6 @@ import org.springframework.util.Assert;
  * @version $Id$
  */
 public class BasicProcessingFilter extends SpringSecurityFilter implements InitializingBean {
-    //~ Static fields/initializers =====================================================================================
-
-	private static final Log logger = LogFactory.getLog(BasicProcessingFilter.class);
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/springframework/security/ui/logout/LogoutFilter.java

@@ -27,8 +27,6 @@ import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.util.RedirectUtils;
 import org.springframework.security.context.SecurityContextHolder;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
@@ -47,9 +45,6 @@ import org.springframework.util.StringUtils;
  * @version $Id$
  */
 public class LogoutFilter extends SpringSecurityFilter {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(LogoutFilter.class);
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java

@@ -17,9 +17,6 @@ import org.springframework.security.ui.WebAuthenticationDetailsSource;
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.springframework.security.context.SecurityContextHolder;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
@@ -36,8 +33,6 @@ import org.springframework.util.Assert;
 public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSecurityFilter implements
         InitializingBean, ApplicationEventPublisherAware {
 
-    protected final Log logger = LogFactory.getLog(getClass());
-
     private ApplicationEventPublisher eventPublisher = null;
 
     private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();

core/src/main/java/org/springframework/security/ui/rememberme/RememberMeProcessingFilter.java

@@ -27,9 +27,6 @@ import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.util.Assert;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -56,9 +53,6 @@ import java.io.IOException;
  */
 public class RememberMeProcessingFilter extends SpringSecurityFilter implements InitializingBean,
         ApplicationEventPublisherAware {
-    //~ Static fields/initializers =====================================================================================
-
-    private static final Log logger = LogFactory.getLog(RememberMeProcessingFilter.class);
 
     //~ Instance fields ================================================================================================
 

core/src/main/java/org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.java

@@ -38,13 +38,8 @@ import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.security.userdetails.UserDetailsChecker;
 import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.context.MessageSource;
@@ -105,8 +100,6 @@ public class SwitchUserProcessingFilter extends SpringSecurityFilter implements
         ApplicationEventPublisherAware, MessageSourceAware {
     //~ Static fields/initializers =====================================================================================
 
-    private static final Log logger = LogFactory.getLog(SwitchUserProcessingFilter.class);
-
     public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
     public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";