diff --git a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
index db030efa6ab..532310a0416 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java
@@ -64,12 +64,6 @@ public class SessionFixationProtectionStrategy extends
*/
boolean migrateSessionAttributes = true;
- /**
- * In the case where the attributes will not be migrated, this field allows a list of
- * named attributes which should not be discarded.
- */
- private List retainedAttributes = null;
-
/**
* Called to extract the existing attributes from the session, prior to invalidating
* it. If {@code migrateAttributes} is set to {@code false}, only Spring Security
@@ -124,36 +118,19 @@ void transferAttributes(Map attributes, HttpSession newSession)
@SuppressWarnings("unchecked")
private HashMap createMigratedAttributeMap(HttpSession session) {
- HashMap attributesToMigrate = null;
-
- if (migrateSessionAttributes || retainedAttributes == null) {
- attributesToMigrate = new HashMap();
+ HashMap attributesToMigrate = new HashMap();
- Enumeration enumer = session.getAttributeNames();
+ Enumeration enumer = session.getAttributeNames();
- while (enumer.hasMoreElements()) {
- String key = (String) enumer.nextElement();
- if (!migrateSessionAttributes && !key.startsWith("SPRING_SECURITY_")) {
- // Only retain Spring Security attributes
- continue;
- }
- attributesToMigrate.put(key, session.getAttribute(key));
- }
- }
- else {
- // Only retain the attributes which have been specified in the
- // retainAttributes list
- if (!retainedAttributes.isEmpty()) {
- attributesToMigrate = new HashMap();
- for (String name : retainedAttributes) {
- Object value = session.getAttribute(name);
-
- if (value != null) {
- attributesToMigrate.put(name, value);
- }
- }
+ while (enumer.hasMoreElements()) {
+ String key = (String) enumer.nextElement();
+ if (!migrateSessionAttributes && !key.startsWith("SPRING_SECURITY_")) {
+ // Only retain Spring Security attributes
+ continue;
}
+ attributesToMigrate.put(key, session.getAttribute(key));
}
+
return attributesToMigrate;
}