Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-92

Session is needlessly created by HttpSecurityWrapper::getUserPrincipal

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 0.8
    • 0.7.23
    • None
    • true

      In HttpSecurityWrapper::getUserPrincipal session creation is forced when trying to retrieve the servlet context

      public Principal getUserPrincipal()
{
        if (securityConfig == null)
        {
            securityConfig = (SecurityConfig) request.getSession().getServletContext().getAttribute(SecurityConfig.STORAGE_KEY);
        }

        Principal user = securityConfig.getAuthenticator().getUser(request);
        return user;
}

      This can interfere with the SecurityFilter which uses the fact that a session exists to attempt to find a logged in user. It is also a generally bad practice to create a session needlessly.

            [SER-92] Session is needlessly created by HttpSecurityWrapper::getUserPrincipal

            vkharisma made changes -
            Link New: This issue causes CONFCLOUD-7378 [ CONFCLOUD-7378 ]
            Samuel Le Berrigaud made changes -
            Workflow Original: jira [ 86116 ] New: reviewflow [ 121207 ]
            Andreas Knecht (Inactive) made changes -
            Link New: This issue is duplicated by SER-95 [ SER-95 ]
            Christopher Owen [Atlassian] made changes -
            Fix Version/s New: 0.8 [ 13183 ]
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            Christopher Owen [Atlassian] made changes -
            Link New: This issue caused CONF-7378 [ CONF-7378 ]
            Christopher Owen [Atlassian] created issue -

              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              Affected customers:
              1 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:
                17 years, 43 weeks ago