SEC-1777: Wrong class mentioned in log message #2011

Closed
spring-issuemaster opened this Issue Jul 7, 2011 · 1 comment

2 participants

@spring-issuemaster

Mikhail Mazursky (Migrated from SEC-1777) said:

The log message should mention HttpSessionSecurityContextRepository class instead of HttpSessionContextIntegrationFilter.

package org.springframework.security.web.context;

public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
...
private HttpSession createNewSessionIfAllowed(SecurityContext context) {
...
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");
}

            return null;
        }

...

@spring-issuemaster

Rob Winch said:

Thank you for taking the time to report this issue. A fix has been pushed out.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment