ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository

Issue: gh-4719

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -47,7 +47,7 @@ import org.springframework.security.web.server.authorization.ExceptionTranslatio
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.security.web.server.context.ReactorContextWebFilter;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
-import org.springframework.security.web.server.context.ServerWebExchangeAttributeServerSecurityContextRepository;
+import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
 import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
 import org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter;
@@ -347,7 +347,7 @@ public class ServerHttpSecurity {
 	public class HttpBasicBuilder {
 		private ReactiveAuthenticationManager authenticationManager;
 
-		private ServerSecurityContextRepository serverSecurityContextRepository = new ServerWebExchangeAttributeServerSecurityContextRepository();
+		private ServerSecurityContextRepository serverSecurityContextRepository = NoOpServerSecurityContextRepository.getInstance();
 
 		private ServerAuthenticationEntryPoint entryPoint = new HttpBasicServerAuthenticationEntryPoint();
 

web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java

@@ -26,7 +26,7 @@ import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
-import org.springframework.security.web.server.context.ServerWebExchangeAttributeServerSecurityContextRepository;
+import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import org.springframework.util.Assert;
@@ -49,7 +49,7 @@ public class AuthenticationWebFilter implements WebFilter {
 
 	private ServerAuthenticationFailureHandler serverAuthenticationFailureHandler = new ServerAuthenticationEntryPointFailureHandler(new HttpBasicServerAuthenticationEntryPoint());
 
-	private ServerSecurityContextRepository serverSecurityContextRepository = new ServerWebExchangeAttributeServerSecurityContextRepository();
+	private ServerSecurityContextRepository serverSecurityContextRepository = NoOpServerSecurityContextRepository.getInstance();
 
 	private ServerWebExchangeMatcher requiresAuthenticationMatcher = ServerWebExchangeMatchers.anyExchange();
 	public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManager) {

web/src/main/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepository.java → web/src/main/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepository.java

@@ -25,16 +25,23 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerWebExchangeAttributeServerSecurityContextRepository
+public class NoOpServerSecurityContextRepository
 	implements ServerSecurityContextRepository {
-	final String ATTR = "USER";
+
+	private static final NoOpServerSecurityContextRepository INSTANCE = new NoOpServerSecurityContextRepository();
 
 	public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
-		return Mono.fromRunnable(() ->exchange.getAttributes().put(ATTR, context));
+		return Mono.empty();
 
 	}
 
 	public Mono<SecurityContext> load(ServerWebExchange exchange) {
-		return Mono.justOrEmpty(exchange.<SecurityContext>getAttribute(ATTR));
+		return Mono.empty();
+	}
+
+	public static NoOpServerSecurityContextRepository getInstance() {
+		return INSTANCE;
 	}
+
+	private NoOpServerSecurityContextRepository() {}
 }

web/src/test/java/org/springframework/security/web/server/context/ServerWebExchangeAttributeServerSecurityContextRepositoryTests.java → web/src/test/java/org/springframework/security/web/server/context/NoOpServerSecurityContextRepositoryTests.java

@@ -23,6 +23,7 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -30,18 +31,21 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerWebExchangeAttributeServerSecurityContextRepositoryTests {
-	ServerWebExchangeAttributeServerSecurityContextRepository repository = new ServerWebExchangeAttributeServerSecurityContextRepository();
+public class NoOpServerSecurityContextRepositoryTests {
+	NoOpServerSecurityContextRepository repository = NoOpServerSecurityContextRepository.getInstance();
+
 	ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 
 	@Test
 	public void saveAndLoad() {
 		SecurityContext context = new SecurityContextImpl();
-		this.repository.save(this.exchange, context).block();
 
-		Mono<SecurityContext> loaded = this.repository.load(this.exchange);
+		Mono<SecurityContext> result =
+			this.repository.save(this.exchange, context)
+			.then(this.repository.load(this.exchange));
 
-		assertThat(context).isSameAs(loaded.block());
+		StepVerifier.create(result)
+			.verifyComplete();
 	}
 
 }