Skip to content

AnonymousAuthenticationFilter Accesses Session on Every Request #11457

New issue
New issue
Closed
Closed
AnonymousAuthenticationFilter Accesses Session on Every Request#11457
Assignees
rwinch
Labels
in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement
Milestone
5.8.0-M1
@rwinch

Description

@rwinch
rwinch
opened on Jul 1, 2022
java.lang.RuntimeException: getSession(false)
	at example.SessionAccessedFilter$1.getSession(SessionAccessedFilter.java:25)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:244)
	at org.springframework.security.web.context.HttpSessionSecurityContextRepository.loadContext(HttpSessionSecurityContextRepository.java:121)
	at org.springframework.security.web.context.SecurityContextRepository.lambda$loadContext$0(SecurityContextRepository.java:80)
	at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:97)
	at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67)
	at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:94)

java.lang.RuntimeException: getSession(false)
	at example.SessionAccessedFilter$1.getSession(SessionAccessedFilter.java:25)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:244)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:244)
	at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:244)
	at org.springframework.security.web.authentication.WebAuthenticationDetails.extractSessionId(WebAuthenticationDetails.java:61)
	at org.springframework.security.web.authentication.WebAuthenticationDetails.<init>(WebAuthenticationDetails.java:46)
	at org.springframework.security.web.authentication.WebAuthenticationDetailsSource.buildDetails(WebAuthenticationDetailsSource.java:40)
	at org.springframework.security.web.authentication.WebAuthenticationDetailsSource.buildDetails(WebAuthenticationDetailsSource.java:30)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.createAuthentication(AnonymousAuthenticationFilter.java:119)

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions