From 5f3700670cf4933be1b0886a10dc473463127cfa Mon Sep 17 00:00:00 2001 From: Adam Swift Date: Fri, 13 Apr 2012 16:39:41 -0400 Subject: [PATCH] Changed to allow usage with systems using Session Fixation fixes following a login --- .../client/jboss/authentication/WebAuthenticationFilter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java b/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java index d3e38aa..9eefd67 100644 --- a/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java +++ b/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java @@ -48,7 +48,7 @@ import org.jboss.web.tomcat.security.login.WebAuthentication; * the service defined for the {@link org.jasig.cas.client.jaas.CasLoginModule}. * * @author Daniel Fisher - * @author Marvin S. Addison + * @author Marvin S. Addison * @version $Revision$ * @since 3.1.11 */ @@ -71,7 +71,7 @@ public final class WebAuthenticationFilter extends AbstractCasFilter { if (request.getUserPrincipal() instanceof AssertionPrincipal) { final AssertionPrincipal principal = (AssertionPrincipal) request.getUserPrincipal(); log.debug("Installing CAS assertion into session."); - session.setAttribute(CONST_CAS_ASSERTION, principal.getAssertion()); + request.getSession().setAttribute(CONST_CAS_ASSERTION, principal.getAssertion()); } else { log.debug("Aborting -- principal is not of type AssertionPrincipal"); throw new GeneralSecurityException("JBoss Web authentication did not produce CAS AssertionPrincipal.");