[#SEC-411] SecurityContextHolderAwareRequestWrapper does not define required constructor

Spring Security

SecurityContextHolderAwareRequestWrapper does not define required constructor

Created: 11/Dec/06 07:44 PM Updated: 24/May/07 06:53 PM

Component/s:

Core

Affects Version/s:

1.0.3

Fix Version/s:

1.0.4

Time Tracking:

Not Specified

Description

« Hide

SecurityContextHolderAwareRequestFilter requires that any request wrapper configured for it must provide a public constructor that accepts two arguments (HttpServletRequest and PortResolver). SecurityContextHolderAwareRequestWrapper does not provide this constructor.

All

Comments

Work Log

Change History

FishEye

Builds

Sort Order:

[ Permalink | « Hide ]

Ben Alex added a comment - 30/Apr/07 03:26 AM

SecurityContextHolderAwareRequestWrapper will be modified to accept the PortResolver parameter.

Whilst this breaks backward compatibility, the only Acegi Security subclass of SecurityContextHolderAwareRequestWrapper is SavedRequestAwareWrapper. A user would also need to be using a filter (generally SecurityContextHolderAwareRequestFilter) to utilize the SecurityContextHolderAwareRequestWrapper. Therefore it seems likely this bug would have been reported before now if anyone was using it directly. Given it hasn't been reported previously, it seems unlikely anyone is using it, so adding an additional parameter to the SecurityContextHolderAwareRequestWrapper is reasonable despite the backward compatibility issue.

[ Permalink | « Hide ]

Vishal Puri added a comment - 24/May/07 06:37 PM

Required constructor argument, PortResolver, is added in SecurityContextHolderAwareRequestWrapper.

[ Permalink | « Hide ]

Vishal Puri added a comment - 24/May/07 06:53 PM

required modifications are made and code checked into svn.