SecurityContextPersistenceFilterConfig pConfig =
(SecurityContextPersistenceFilterConfig) config;
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo) {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
// set the hint for authentcation servlets
req.setAttribute(ALLOWSESSIONCREATION_ATTR, isAllowSessionCreation);
if (isAllowSessionCreation)
((HttpServletRequest)req).getSession(); // create session if allowed
// set the hint for other components
req.setAttribute(GeoServerSecurityFilterChainProxy.SECURITY_ENABLED_ATTRIBUTE,Boolean.TRUE);
super.doFilter(req, res, chain);
}
};
isAllowSessionCreation=pConfig.isAllowSessionCreation();
repo.setAllowSessionCreation(pConfig.isAllowSessionCreation());
filter.setForceEagerSessionCreation(false);
try {
filter.afterPropertiesSet();
} catch (ServletException e) {