Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 0.8
Affects Version/s: 0.7.23
Labels:
None

Last commented by user?:
true

In HttpSecurityWrapper::getUserPrincipal session creation is forced when trying to retrieve the servlet context

public Principal getUserPrincipal()
{
        if (securityConfig == null)
        {
            securityConfig = (SecurityConfig) request.getSession().getServletContext().getAttribute(SecurityConfig.STORAGE_KEY);
        }

        Principal user = securityConfig.getAuthenticator().getUser(request);
        return user;
}

This can interfere with the SecurityFilter which uses the fact that a session exists to attempt to find a logged in user. It is also a generally bad practice to create a session needlessly.

causes

CONFSERVER-7378 "Remember me" does not work with sun application servers

Closed

is duplicated by

SER-95 Cookie login fails if a previous filter creates a session

Closed

Assignee:: Christopher Owen [Atlassian]

Reporter:: Christopher Owen [Atlassian]

Participants:: Christopher Owen [Atlassian]

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 20/Aug/2007 11:38 PM

Updated:: 01/Apr/2017 2:12 PM

Resolved:: 24/Aug/2007 7:37 AM

Last commented:: 17 years, 24 weeks, 5 days ago

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates