Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1476: AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the session #1715
The unsuccessfulAuthentication() method currently creates a session to store the failure exception. This shouldn't be the default. The user can override the behaviour if required. Caching it in the request should be adequate for most authentication failure purposes.