NEXUS-4630, afterCompletion is NOT needed we do NOT need to cleanup t…

…he anonymous user, as they will NOT have a session. We also do NOT need to clean up the ThreadContext as is handled by Shiro web framework.
sonatype · Nov 15, 2011 · a55a77f · a55a77f
1 parent 9831dde
commit a55a77f
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 60 deletions.
diff --git a/...src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java b/...src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java
@@ -243,7 +243,8 @@ protected boolean executeAnonymousLogin( ServletRequest request, ServletResponse
         {
             Session anonSession = subject.getSession( false );
 
-            this.getLogger().debug( "Unknown session exception while logging in anonymous user: '{}'", anonSession, e );
+            this.getLogger().debug( "Unknown session exception while logging in anonymous user: '{}' with principal '{}'", new Object[]{ anonSession, subject.getPrincipal(), e} );
+
             if ( anonSession != null )
             {
                 // clear the session
@@ -363,42 +364,6 @@ public void postHandle( ServletRequest request, ServletResponse response )
         }
     }
 
-    @Override
-    public void afterCompletion( ServletRequest request, ServletResponse response, Exception exception )
-        throws Exception
-    {
-        // NOTE: this exception (if any) is logged, wrapped, and thrown in the cleanup method that calls this one.
-        try
-        {
-            if ( request.getAttribute( ANONYMOUS_LOGIN ) != null )
-            {
-                try
-                {
-                    getSubject( request, response ).logout();
-                }
-                catch ( SessionException e ) //TODO: investigate why this is getting thrown (original issue NEXUS-4267)
-                {
-                    // we need to prevent log spam, just log this as trace
-                    getLogger().trace( "Failed to find session for anonymous user.", e );
-                }
-                if ( HttpServletRequest.class.isAssignableFrom( request.getClass() ) )
-                {
-                    HttpSession session = ( (HttpServletRequest) request ).getSession( false );
-
-                    if ( session != null )
-                    {
-                        session.invalidate();
-                    }
-                }
-            }
-        }
-        finally
-        {
-            // clear all thread locals
-            ThreadContext.remove();
-        }
-    }
-
     /**
      * set http 403 forbidden header for the response
      *

diff --git a/...rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java b/...rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java
@@ -111,29 +111,6 @@ public void unbindSubjectFromThread()
         ThreadContext.remove();
     }
 
-    /**
-     * Test afterCompletion does not throw an exception if the anonymous users session has expired.
-     *
-     * @throws Exception
-     */
-    @Test
-    public void testAfterCompletionForExpiredSessions()
-        throws Exception
-    {
-
-        // make sure the subject is returned, then expire the session
-        assertThat( SecurityUtils.getSubject(), equalTo( (Subject) subject ) );
-        subject.getSession().setTimeout( 0 ); // expire the session
-
-
-        // Verify this does not throw an exception when the session is expired
-        NexusHttpAuthenticationFilter filter = new NexusHttpAuthenticationFilter();
-        filter.afterCompletion( request, response, null );
-
-        // verify the session is nulled out
-        assertThat( subject.getSession( false ), nullValue() );
-    }
-
     /**
      * Test that executeAnonymousLogin will attempt to recover after an UnknownSessionException is thrown.
      * @throws Exception