SEC-1430: Removed caching of username in session upon failed authentication. Improved Javadoc.

This commit is contained in:
Luke Taylor
2010-11-26 13:58:49 +00:00
parent d64efe9747
commit 43be9ea2a4
8 changed files with 21 additions and 38 deletions

View File

@@ -55,8 +55,6 @@ public class UsernamePasswordAuthenticationFilterTests extends TestCase {
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
assertTrue(result != null);
assertEquals("rod", request.getSession().getAttribute(
UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY));
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
}
@@ -123,10 +121,6 @@ public class UsernamePasswordAuthenticationFilterTests extends TestCase {
fail("Expected AuthenticationException");
} catch (AuthenticationException e) {
}
// Check username has still been set
assertEquals("rod", request.getSession().getAttribute(
UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY));
}
/**