Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-2013: AbstractAuthenticationProcessingFilter is missing space in log message #2239

spring-issuemaster opened this Issue Jul 19, 2012 · 1 comment


None yet
2 participants

Igor Kolomiets (Migrated from SEC-2013) said:

I have custom FORM_LOGIN_FILTER class (extends UsernamePasswordAuthenticationFilter). When I have (expected) SessionAuthenticationException I see the following log messages:

2012-07-19 16:38:50,311 [btpool0-4] DEBUG FormAuthenticationFilter - Authentication request failed: org.springframework.security.web.authentication.session.SessionAuthenticationException: Only concurrent sessions for the same principal are allowed
2012-07-19 16:38:50,311 [btpool0-4] DEBUG FormAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2012-07-19 16:38:50,311 [btpool0-4] DEBUG FormAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@5226e4c9

As you can see "Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@5226e4c9" message has no space.

The missing space is in the AbstractAuthenticationProcessingFilter class (see Reference URL).

Rob Winch said:

Thank you for your submission. A fix is pushed to master and the 3.0.x branch

@spring-issuemaster spring-issuemaster added this to the 3.1.2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment