Spring Security
  1. Spring Security
  2. SEC-1476

AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the session

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.M1
    • Component/s: Web
    • Labels:
      None

      Description

      The unsuccessfulAuthentication() method currently creates a session to store the failure exception. This shouldn't be the default. The user can override the behaviour if required. Caching it in the request should be adequate for most authentication failure purposes.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: