
Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable (thanks to Joseph Dane for reporting this bug).

Ben Alex 20 năm trước cách đây
mục cha
commit
a15691d9d7

+ 10 - 3
core/src/main/java/org/acegisecurity/ui/AbstractProcessingFilter.java

@@ -33,7 +33,12 @@ import java.io.IOException;
 
 import java.util.Properties;
 
-import javax.servlet.*;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -419,8 +424,10 @@ public abstract class AbstractProcessingFilter implements Filter,
             logger.debug("Authentication request failed: " + failed.toString());
         }
 
-        request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
-            failed);
+        try {
+            request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY,
+                failed);
+        } catch (Exception ignored) {}
 
         onUnsuccessfulAuthentication(request, response);
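Review bot: The empty `catch (Exception ignored) {}` around `request.getSession().setAttribute(...)` is wider than the commit message describes. It would also swallow an `IllegalStateException` from an already-invalidated session, and any other runtime failure from `getSession()`, without leaving a trace. When the store fails, whatever later reads `ACEGI_SECURITY_LAST_EXCEPTION_KEY` (presumably the login failure view) sees nothing, and the only record of the authentication failure is the debug line above. I would keep the best-effort behaviour but record the reason, e.g. `} catch (Exception e) { logger.debug("Could not store authentication exception in session: " + e); }`, and narrow the caught type once the exception the container actually raises is confirmed. The enclosing method starts and ends outside this hunk, so the rest of the failure path is not visible here.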
 

+ 3 - 2
doc/xdocs/changes.xml

@@ -36,8 +36,9 @@
       <action dev="benalex" type="fix">AbstractAuthenticationToken.getName() now returns username alone if UserDetails present</action>
       <action dev="raykrueger" type="update">AuthorityGranter.grant now returns a java.util.Set of role names, instead of a single role name</action>
       <action dev="benalex" type="update">JavaDoc improvements</action>
-      <action dev="benalex" type="fix">Correct synchronization issue with FilterToBeanProxy initialization (as per developer list discussion)</action>
-      <action dev="benalex" type="update">Refactor Authentication.isAuthenticated() handling to be more performance (as per developer list discussion)</action>
+      <action dev="benalex" type="fix">Correct synchronization issue with FilterToBeanProxy initialization</action>
+      <action dev="benalex" type="update">Refactor Authentication.isAuthenticated() handling to be more performance</action>
+      <action dev="benalex" type="fix">Silently catch NotSerializableException in AbstractProcessingFilter if rootCause is not Serializable</action>
     </release>
     <release version="0.8.2" date="2005-04-20">
       <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>