Merge pull request #5 from Gleeble/master

Change to allow for Session Fixation Prevention
2012-04-15 17:29:03 -07:00 · 2012-04-15 17:29:03 -07:00 · 8673f2c294
parent 1775ae99ec 5f3700670c
commit 8673f2c294
1 changed files with 2 additions and 2 deletions
--- a/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java
+++ b/cas-client-integration-jboss/src/main/java/org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.java
@ -48,7 +48,7 @@ import org.jboss.web.tomcat.security.login.WebAuthentication;
 * the service defined for the {@link org.jasig.cas.client.jaas.CasLoginModule}.
 *
 * @author  Daniel Fisher
- * @author  Marvin S. Addison 
+ * @author  Marvin S. Addison
 * @version  $Revision$
 * @since 3.1.11
 */
@ -71,7 +71,7 @@ public final class WebAuthenticationFilter extends AbstractCasFilter {
                if (request.getUserPrincipal() instanceof AssertionPrincipal) {
                    final AssertionPrincipal principal = (AssertionPrincipal) request.getUserPrincipal();
                    log.debug("Installing CAS assertion into session.");
-                    session.setAttribute(CONST_CAS_ASSERTION, principal.getAssertion());
+                    request.getSession().setAttribute(CONST_CAS_ASSERTION, principal.getAssertion());
                } else {
                    log.debug("Aborting -- principal is not of type AssertionPrincipal");
                    throw new GeneralSecurityException("JBoss Web authentication did not produce CAS AssertionPrincipal.");