Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-1476

AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the session

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.M1
    • Component/s: Web
    • Labels:
      None

      Description

      The unsuccessfulAuthentication() method currently creates a session to store the failure exception. This shouldn't be the default. The user can override the behaviour if required. Caching it in the request should be adequate for most authentication failure purposes.

        Activity

        Hide
        xerces8 David Balažic added a comment -

        This is fixed in this commit: https://github.com/spring-projects/spring-security/commit/0c097806440ebfb2c1067a4bbdece03a5eb6fd23

        (I stumbled onto this and noticed the commit is not mentioned here)

        Show
        xerces8 David Balažic added a comment - This is fixed in this commit: https://github.com/spring-projects/spring-security/commit/0c097806440ebfb2c1067a4bbdece03a5eb6fd23 (I stumbled onto this and noticed the commit is not mentioned here)

          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            luke Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: