Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1476: AbstractPreAuthenticatedProcessingFilter should store AuthenticationException in the request rather than the session #1715

spring-issuemaster opened this issue May 4, 2010 · 1 comment


Copy link

@spring-issuemaster spring-issuemaster commented May 4, 2010

Luke Taylor (Migrated from SEC-1476) said:

The unsuccessfulAuthentication() method currently creates a session to store the failure exception. This shouldn't be the default. The user can override the behaviour if required. Caching it in the request should be adequate for most authentication failure purposes.


This comment has been minimized.

Copy link

@spring-issuemaster spring-issuemaster commented May 4, 2015

David Balažic said:

This is fixed in this commit: 0c09780

(I stumbled onto this and noticed the commit is not mentioned here)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.