Announcement Announcement Module
Collapse
No announcement yet.
HttpSessionContextIntegrationFilter ignores allowSessionCreation flag? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HttpSessionContextIntegrationFilter ignores allowSessionCreation flag?

    I am securing Axis2 web services using Spring Security 2.0.4. I have configured a HttpSessionContextIntegrationFilter as follows:

    <bean id="httpSessionContextIntegrationFilterWithASCFals e" class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter">
    <property name="allowSessionCreation" value="false" />
    </bean>

    When I call a web service, there is no HTTP Session:

    DEBUG [[email protected]] (HttpSessionContextIntegrationFilter.java:274) - No HttpSession currently exists

    At the end of the call the Security Context is being stored to an HttpSession, even though I set "allowSessionCreation" to false:

    DEBUG [[email protected]] HttpSessionContextIntegrationFilter.java:395) - SecurityContext stored to HttpSession: 'org.springframework.security.context.SecurityCont [email protected] ...
Working...
X