Create Authentication Only Once

Issue gh-17933
Josh Cummings 2025-09-18 15:37:37 -06:00
parent 0f4e1f2a2a
commit 39e2bb67fc
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
2 changed files with 15 additions and 11 deletions


@ -16,6 +16,9 @@
package org.springframework.security.authentication.dao;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -33,6 +36,7 @@ import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
@ -200,12 +204,11 @@ public abstract class AbstractUserDetailsAuthenticationProvider
// so subsequent attempts are successful even with encoded passwords.
// Also ensure we return the original getDetails(), so that future
// authentication events after cache expiry contain the details
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken
.authenticated(principal, authentication.getCredentials(),
this.authoritiesMapper.mapAuthorities(user.getAuthorities()))
.toBuilder()
.authorities((a) -> a.add(new SimpleGrantedAuthority(AUTHORITY)))
.build();
Collection<GrantedAuthority> authorities = new ArrayList<>(
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(principal,
authentication.getCredentials(), authorities);
result.setDetails(authentication.getDetails());
this.logger.debug("Authenticated user");
return result;
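Review bot: `new ArrayList<>(this.authoritiesMapper.mapAuthorities(user.getAuthorities()))` throws a bare NullPointerException if the mapper, or a custom UserDetails feeding it, yields null, and that would leave the authentication path as something other than an AuthenticationException. Whether the earlier builder-based code tolerated null is not visible in this hunk, so this may or may not be a behaviour change. An explicit guard would make the failure mode deliberate: hold the mapper result in a local and check it before copying, e.g. `Assert.notNull(mapped, "authoritiesMapper must not return null");`. The same three lines are added in AbstractLdapAuthenticationProvider, so the guard applies there too. The enclosing method starts above the hunk.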


@ -16,6 +16,7 @@
package org.springframework.security.ldap.authentication;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.commons.logging.Log;
@ -103,11 +104,11 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
UserDetails user) {
Object password = this.useAuthenticationRequestCredentials ? authentication.getCredentials()
: user.getPassword();
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken
.authenticated(user, password, this.authoritiesMapper.mapAuthorities(user.getAuthorities()))
.toBuilder()
.authorities((a) -> a.add(new SimpleGrantedAuthority(AUTHORITY)))
.build();
Collection<GrantedAuthority> authorities = new ArrayList<>(
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(user, password,
authorities);
result.setDetails(authentication.getDetails());
this.logger.debug("Authenticated user");
return result;
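Review bot: The ordering in the new lines is undocumented: `AUTHORITY` is appended after `authoritiesMapper.mapAuthorities(...)` has run, so a configured mapper never sees it and cannot prefix, rename or drop it. If that is the intent, a comment above `authorities.add(...)` would record it, for example `// Added after mapping so the configured mapper cannot alter or remove the authority this provider grants.` The identical block in AbstractUserDetailsAuthenticationProvider would take the same comment. Separately, if the mapped collection already holds an equal authority the list will now contain it twice; this is presumably harmless but worth confirming for any consumer that counts or compares authorities. The method signature begins above the hunk.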