SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository
parent
1bca645add
commit
f548d89b27
|
@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.core.context.SecurityContext;
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||||
import org.springframework.security.web.context.SecurityContextRepository;
|
import org.springframework.security.web.context.SecurityContextRepository;
|
||||||
|
|
||||||
|
@ -85,6 +86,9 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> e
|
||||||
|
|
||||||
SecurityContextRepository securityContextRepository = http
|
SecurityContextRepository securityContextRepository = http
|
||||||
.getSharedObject(SecurityContextRepository.class);
|
.getSharedObject(SecurityContextRepository.class);
|
||||||
|
if(securityContextRepository == null) {
|
||||||
|
securityContextRepository = new HttpSessionSecurityContextRepository();
|
||||||
|
}
|
||||||
SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
|
SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
|
||||||
securityContextRepository);
|
securityContextRepository);
|
||||||
SessionManagementConfigurer<?> sessionManagement = http
|
SessionManagementConfigurer<?> sessionManagement = http
|
||||||
|
|
|
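Review bot: The fallback in the second hunk, `securityContextRepository = new HttpSessionSecurityContextRepository();`, is kept in a local variable only, so a configurer that later calls `http.getSharedObject(SecurityContextRepository.class)` would still see null and could end up with a different repository than the one this filter uses. If a single instance is meant to be shared, add `http.setSharedObject(SecurityContextRepository.class, securityContextRepository);` inside the null branch. The branch also deserves a comment such as `// nothing registered a repository (presumably no session management configured): default to HttpSession-backed storage`, because it silently makes the SecurityContext session-persisted for configurations that may have been meant to be stateless. The enclosing method starts and ends outside the hunk.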
@ -24,6 +24,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
||||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter
|
import org.springframework.security.web.context.SecurityContextPersistenceFilter
|
||||||
import org.springframework.security.web.context.SecurityContextRepository
|
import org.springframework.security.web.context.SecurityContextRepository
|
||||||
|
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -67,4 +68,44 @@ class SecurityContextConfigurerTests extends BaseSpringSpec {
|
||||||
.securityContext()
|
.securityContext()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def 'SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository'() {
|
||||||
|
setup: 'Configuration without default SecurityContextRepository setup'
|
||||||
|
loadConfig(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig)
|
||||||
|
when: 'Spring Security invoked'
|
||||||
|
springSecurityFilterChain.doFilter(request,response,chain)
|
||||||
|
then: 'no exception thrown'
|
||||||
|
noExceptionThrown()
|
||||||
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
static class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
public SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig() {
|
||||||
|
super(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
// @formatter:off
|
||||||
|
http
|
||||||
|
.addFilter(new WebAsyncManagerIntegrationFilter())
|
||||||
|
.anonymous().and()
|
||||||
|
.securityContext().and()
|
||||||
|
.authorizeRequests()
|
||||||
|
.anyRequest().permitAll()
|
||||||
|
.and()
|
||||||
|
.httpBasic();
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
|
|
||||||
|
// @formatter:off
|
||||||
|
@Override
|
||||||
|
protected void configure(AuthenticationManagerBuilder auth) {
|
||||||
|
auth
|
||||||
|
.inMemoryAuthentication()
|
||||||
|
.withUser("user").password("password").roles("USER")
|
||||||
|
}
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
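Review bot: The new spec asserts only `noExceptionThrown()`, so it presumably pins the absence of the earlier failure but not which repository was defaulted; it would still pass if the fallback stored nothing. Consider also asserting on the built chain, for example that a request carrying Basic credentials for the in-memory `user` leaves a SecurityContext in the HTTP session afterwards. The second `// @formatter:off` sits above `@Override` rather than inside the method body as in the first `configure`, which is worth aligning. The spec class begins outside the hunk.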