Marcus Hert Da Coregio 1 жил өмнө
parent
commit
f6969af379

+ 8 - 1
servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/MfaAuthenticationHandler.java

@@ -26,10 +26,13 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * An authentication handler that saves an authentication either way.
@@ -43,6 +46,8 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A
 
 	private final AuthenticationSuccessHandler successHandler;
 
+	private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
+
 	public MfaAuthenticationHandler(String url) {
 		SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler(url);
 		successHandler.setAlwaysUseDefaultTargetUrl(true);
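Review bot: The new `securityContextRepository` field is hard-wired to `new HttpSessionSecurityContextRepository()`, so this handler always writes to the HTTP session regardless of which repository the filter chain reads from. If the chain in SecurityConfig is later given a different `SecurityContextRepository`, the context saved here would not be the one loaded on the next request, and the second-factor step would see no authentication. Consider accepting the repository through an overloaded constructor or a setter such as `public void setSecurityContextRepository(SecurityContextRepository repository)`, keeping the session-backed one as the default. The constructor body continues outside this hunk.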
@@ -65,7 +70,9 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A
 
 	private void saveMfaAuthentication(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
-		SecurityContextHolder.getContext().setAuthentication(new MfaAuthentication(authentication));
+		SecurityContext context = SecurityContextHolder.getContext();
+		context.setAuthentication(new MfaAuthentication(authentication));
+		this.securityContextRepository.saveContext(context, request, response);
 		this.successHandler.onAuthenticationSuccess(request, response, authentication);
 	}
 
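Review bot: `saveMfaAuthentication` still mutates the instance returned by `SecurityContextHolder.getContext()` before saving it. Spring Security's guidance when replacing the Authentication is to start from a fresh context, so that another thread holding the same instance does not see it change mid-request. I would use `SecurityContext context = SecurityContextHolder.createEmptyContext();` and call `SecurityContextHolder.setContext(context);` after `setAuthentication(...)`. Because this line now explicitly persists the intermediate `MfaAuthentication` into the session, a short comment such as `// persists the partially authenticated token; access rules must not treat it as fully authenticated` would help readers who copy the sample. The authorization rules that enforce this are not visible in this diff.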

+ 1 - 2
servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java

@@ -63,8 +63,7 @@ public class SecurityConfig {
 						return filter;
 					}
 				})
-			)
-			.securityContext((context) -> context.requireExplicitSave(false));
+			);
 		// @formatter:on
 		return http.build();
 	}

+ 1 - 0
servlet/spring-boot/java/authentication/username-password/mfa/src/main/resources/application.properties

@@ -0,0 +1 @@
+logging.level.org.springframework.security=TRACE
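Review bot: `logging.level.org.springframework.security=TRACE` looks like a troubleshooting aid left in the committed defaults of an authentication sample. At that level Spring Security logs every filter invocation and, as far as I know, the string form of the loaded Authentication, which includes the principal name and request details such as the session id. Anyone who copies the sample inherits those verbose authentication logs. I would drop the line, or keep it commented out as `# logging.level.org.springframework.security=TRACE` with a note that it is for local debugging only.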