SEC-2548: AuthenticationSwitchUserEvent is published before the actual Authentication object is placed in SecurityContext

[spring-projects-issues]

Anders Steiner (Migrated from SEC-2548) said:

The AuthenticationSwitchUserEvent is published in attemptSwitchUser method before the Authentication object is placed in the Security Context. The event should be published after line 158 where SecurityContextHolder.getContext().setAuthentication(targetUser); is called.

The issue is also there when trying to exit an user, The event is published in attemptExitUser when it should be published in the doFilter method after line 173.

[spring-projects-issues]

Anders Steiner said:

Do you accept pull requests?

[spring-projects-issues]

Rob Winch said:

A Pivotal Tracker story has been created for this Issue: http://www.pivotaltracker.com/story/show/68990330

[spring-projects-issues]

Rob Winch said:

We do accept pull requests. Please see https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md

[spring-projects-issues]

Rob Winch said:

Rob Winch deleted the linked story in Pivotal Tracker