SEC-1353: SessionManagementFilter can invoke other filters after sending redirect #1597

Closed
spring-issuemaster opened this Issue Jan 6, 2010 · 1 comment

2 participants

@spring-issuemaster

Artem Anisimov (Migrated from SEC-1353) said:

SessionManagementFilter::doFilter() fails to stop request processing in branch "No security context or authentication present" (at SessionManagementFilter.java:89). More precisely, it does not return after calling redirectStrategy.sendRedirect(), but passes to the next filter.

This causes an error if there are controllers that define methods taking a HttpSession argument, because in this case AnnotationMethodHandlerAdapter attempts to call request.getSession(), which is not permitted after a redirect had been sent.

@spring-issuemaster spring-issuemaster added this to the 3.0.1 milestone Feb 5, 2016
@rwinch
Spring member

This issue duplicates #1578

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment