SEC-1777: Wrong class mentioned in log message #2011

spring-issuemaster opened this Issue Jul 7, 2011 · 1 comment

2 participants


Mikhail Mazursky (Migrated from SEC-1777) said:

The log message should mention HttpSessionSecurityContextRepository class instead of HttpSessionContextIntegrationFilter.


public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
private HttpSession createNewSessionIfAllowed(SecurityContext context) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");

            return null;



Rob Winch said:

Thank you for taking the time to report this issue. A fix has been pushed out.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment