SEC-1476: AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the session #1715

spring-issuemaster opened this Issue May 4, 2010 · 1 comment


None yet

1 participant


Luke Taylor (Migrated from SEC-1476) said:

The unsuccessfulAuthentication() method currently creates a session to store the failure exception. This shouldn't be the default. The user can override the behaviour if required. Caching it in the request should be adequate for most authentication failure purposes.


David Balažic said:

This is fixed in this commit: 0c09780

(I stumbled onto this and noticed the commit is not mentioned here)

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment