StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
16905787
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2013-06-03T21:02:07.140
FavoriteCount
0
LastActivityDate
2013-06-03T21:02:07.140
LastEditDate
LastEditorUserId
0
OwnerUserId
1276804
ParentId
16903373
PostTypeId
2
Score
3
ViewCount
0
LastEditorDisplayName
text
Body
Short answer (which is a guess): The problem could be that your pre-auth filter (or other non-form login filter) creates a session without itself invoking the <code>SessionAuthenticationStrategy</code> first. Long explanation: The <a href="https://github.com/SpringSource/spring-security/blob/master/web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java#L70" rel="nofollow">line you mentioned</a> is basically checking whether the request has just been authenticated in the current execution of the filter chain without the auth-filter creating a new session. The check inspects if there is a session, and if an auth object has already been saved to the session. If it finds the session and the saved auth object, that means nothing has to be done: everything has already been arranged regarding authentication and session management either by some other filter, or by the same <code>SessionManagementFilter</code> during processing a previous request earlier in the same session. The other case is when no session has been created or the (non-anonymous) auth object has not yet been saved in the existing session. Only in this case is it the <code>SessionManagementFilter</code>'s responsibility to actully perform session management by invoking the <code>SessionAuthenticationStrategy</code>. According to your description, this second case never occurs, which means that the session is already created, and the auth object is already saved at this point of execution. That should mean your custom auth filter must have created a session, which is not a problem in itself. The general rule however is that anyone creating a session must first consult the <code>SessionAuthenticationStrategy</code> itself. If your auth filter chooses to ignore it, nothing can be done by the <code>SessionManagementFilter</code> (it cannot undone the session creation, even if the <code>SessionAuthenticationStrategy</code> had raised a veto against the user's authenticatation). Doublecheck if this is the case, and try avoid creating a session in your pre-auth filter. Note that session creation can also happen in a sneaky way by <a href="https://github.com/SpringSource/spring-security/blob/master/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java#L293" rel="nofollow"><code>SaveToSessionResponseWrapper.saveContext()</code></a> getting called e.g. upon a redirect.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POCustom ConcurrentSessionControlStrategy
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USzagyi
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POCustom ConcurrentSessionControlStrategy
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. COVery nice explanation, you are right. My PreAuthentication filter use a AuthenticationSuccessHandler that uses the session (creating one). Thank you !
 singulars
 PostPostId
 PO
 UserUserId
 USbaraber

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.