diff --git a/nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java b/nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java index a6cdfa012f..f4f082e28e 100644 --- a/nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java +++ b/nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java @@ -243,7 +243,8 @@ protected boolean executeAnonymousLogin( ServletRequest request, ServletResponse { Session anonSession = subject.getSession( false ); - this.getLogger().debug( "Unknown session exception while logging in anonymous user: '{}'", anonSession, e ); + this.getLogger().debug( "Unknown session exception while logging in anonymous user: '{}' with principal '{}'", new Object[]{ anonSession, subject.getPrincipal(), e} ); + if ( anonSession != null ) { // clear the session 
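Review bot: The new debug call evaluates `subject.getPrincipal()` inside the handler for the unknown-session failure, before the stale session is cleared under the trailing `// clear the session` context line. If the Subject implementation resolves principals through the session (Shiro's run-as lookup appears to, but confirm for the version in use), the call can raise a session exception again and skip the recovery. The argument array is also built whether or not debug logging is enabled, so I would wrap the statement in `if ( getLogger().isDebugEnabled() )` and either read the principal defensively or log it only after the cleanup. Depending on what the `Session` implementation's `toString()` prints, this line may also write a session identifier next to a principal into the debug log, so check that before shipping it. The rest of `executeAnonymousLogin` lies outside the hunk, so the cleanup order is inferred from the context lines.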
@@ -363,42 +364,6 @@ public void postHandle( ServletRequest request, ServletResponse response )
 }
 }
- @Override
- public void afterCompletion( ServletRequest request, ServletResponse response, Exception exception )
- throws Exception
- {
- // NOTE: this exception (if any) is logged, wrapped, and thrown in the cleanup method that calls this one.
- try
- {
- if ( request.getAttribute( ANONYMOUS_LOGIN ) != null )
- {
- try
- {
- getSubject( request, response ).logout();
- }
- catch ( SessionException e ) //TODO: investigate why this is getting thrown (original issue NEXUS-4267)
- {
- // we need to prevent log spam, just log this as trace
- getLogger().trace( "Failed to find session for anonymous user.", e );
- }
- if ( HttpServletRequest.class.isAssignableFrom( request.getClass() ) )
- {
- HttpSession session = ( (HttpServletRequest) request ).getSession( false );
-
- if ( session != null )
- {
- session.invalidate();
- }
- }
- }
- }
- finally
- {
- // clear all thread locals
- ThreadContext.remove();
- }
- }
-
 /**
 * set http 403 forbidden header for the response
 *
diff --git a/nexus/nexus-rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java b/nexus/nexus-rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java
index 5428785152..620238e748 100644
--- a/nexus/nexus-rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java
+++ b/nexus/nexus-rest-api/src/test/java/org/sonatype/nexus/security/NexusHttpAuthenticationFilterTest.java
@@ -111,29 +111,6 @@ public void unbindSubjectFromThread()
 ThreadContext.remove();
 }
- /**
- * Test afterCompletion does not throw an exception if the anonymous users session has expired.
- *
- * @throws Exception
- */
- @Test
- public void testAfterCompletionForExpiredSessions()
- throws Exception
- {
-
- // make sure the subject is returned, then expire the session
- assertThat( SecurityUtils.getSubject(), equalTo( (Subject) subject ) );
- subject.getSession().setTimeout( 0 ); // expire the session
-
-
- // Verify this does not throw an exception when the session is expired
- NexusHttpAuthenticationFilter filter = new NexusHttpAuthenticationFilter();
- filter.afterCompletion( request, response, null );
-
- // verify the session is nulled out
- assertThat( subject.getSession( false ), nullValue() );
- }
-
 /**
 * Test that executeAnonymousLogin will attempt to recover after an UnknownSessionException is thrown.
 * @throws Exception