diff --git a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java index d72045dfaf..102450203d 100644 --- a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java @@ -66,18 +66,26 @@ public final class RequestAttributeSecurityContextRepository implements Security @Override public boolean containsContext(HttpServletRequest request) { - return loadContext(request).get() != null; + return getContext(request) != null; } @Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { - SecurityContext context = loadContext(requestResponseHolder.getRequest()).get(); - return (context != null) ? context : SecurityContextHolder.createEmptyContext(); + return getContextOrEmpty(requestResponseHolder.getRequest()); } @Override public Supplier loadContext(HttpServletRequest request) { - return () -> (SecurityContext) request.getAttribute(this.requestAttributeName); + return () -> getContextOrEmpty(request); + } + + private SecurityContext getContextOrEmpty(HttpServletRequest request) { + SecurityContext context = getContext(request); + return (context != null) ? context : SecurityContextHolder.createEmptyContext(); + } + + private SecurityContext getContext(HttpServletRequest request) { + return (SecurityContext) request.getAttribute(this.requestAttributeName); } @Override diff --git a/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java index 5fc4d4afb7..93390cf836 100644 --- a/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java +++ b/web/src/test/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepositoryTests.java @@ -16,6 +16,8 @@ package org.springframework.security.web.context; +import java.util.function.Supplier; + import org.junit.jupiter.api.Test; import org.springframework.mock.web.MockHttpServletRequest; @@ -67,4 +69,17 @@ class RequestAttributeSecurityContextRepositoryTests { assertThat(this.repository.containsContext(this.request)).isTrue(); } + @Test + void loadDeferredContextWhenNotPresentThenEmptyContext() { + Supplier deferredContext = this.repository.loadContext(this.request); + assertThat(deferredContext.get()).isEqualTo(SecurityContextHolder.createEmptyContext()); + } + + @Test + void loadContextWhenNotPresentThenEmptyContext() { + SecurityContext context = this.repository + .loadContext(new HttpRequestResponseHolder(this.request, this.response)); + assertThat(context).isEqualTo(SecurityContextHolder.createEmptyContext()); + } + }