
Default to DelegatingSecurityContextRepository

Closes gh-12023
Closes gh-12049
Steve Riesenberg 2 gadi atpakaļ
vecāks
revīzija
33b492df54

+ 4 - 1
config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java

@@ -21,7 +21,9 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.context.DelegatingSecurityContextRepository;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextHolderFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.context.SecurityContextRepository;
@@ -96,7 +98,8 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
 		SecurityContextRepository securityContextRepository = getBuilder()
 				.getSharedObject(SecurityContextRepository.class);
 		if (securityContextRepository == null) {
-			securityContextRepository = new HttpSessionSecurityContextRepository();
+			securityContextRepository = new DelegatingSecurityContextRepository(
+					new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository());
 		}
 		return securityContextRepository;
 	}
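Review bot: The delegate order in the new default matters but is not explained where it is set. `DelegatingSecurityContextRepository` consults its delegates in the order given, so the request-attribute repository is read before the session-backed one. A comment above the constructor call would record that, e.g. `// request attribute first (same request), then HTTP session (across requests)`. The test hunks on this page only move existing mocks to `loadDeferredContext`; none asserts the new default type or order, so a test pinning it would guard against an accidental revert. The enclosing method begins outside the hunk, and any code that casts the default repository to `HttpSessionSecurityContextRepository` is worth searching for.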

+ 46 - 0
config/src/test/java/org/springframework/security/config/TestDeferredSecurityContext.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config;
+
+import org.springframework.security.core.context.DeferredSecurityContext;
+import org.springframework.security.core.context.SecurityContext;
+
+/**
+ * @author Steve Riesenberg
+ */
+public class TestDeferredSecurityContext implements DeferredSecurityContext {
+
+	private SecurityContext securityContext;
+
+	private boolean isGenerated;
+
+	public TestDeferredSecurityContext(SecurityContext securityContext, boolean isGenerated) {
+		this.securityContext = securityContext;
+		this.isGenerated = isGenerated;
+	}
+
+	@Override
+	public SecurityContext get() {
+		return this.securityContext;
+	}
+
+	@Override
+	public boolean isGenerated() {
+		return this.isGenerated;
+	}
+
+}
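Review bot: Both fields of `TestDeferredSecurityContext` are assigned only in the constructor, so they can be declared `private final SecurityContext securityContext;` and `private final boolean isGenerated;`. That keeps the helper immutable now that it is public and shared across test classes. The class Javadoc carries only `@author`; a one-line summary such as `A {@link DeferredSecurityContext} for tests that returns a fixed context and generated flag.` would say what it is for.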

+ 4 - 3
config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java

@@ -28,6 +28,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.TestDeferredSecurityContext;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.TestHttpSecurity;
@@ -83,10 +84,10 @@ public class SecurityContextConfigurerTests {
 	@Test
 	public void securityContextWhenInvokedTwiceThenUsesOriginalSecurityContextRepository() throws Exception {
 		this.spring.register(DuplicateDoesNotOverrideConfig.class).autowire();
-		given(DuplicateDoesNotOverrideConfig.SCR.loadContext(any(HttpServletRequest.class)))
-				.willReturn(() -> mock(SecurityContext.class));
+		given(DuplicateDoesNotOverrideConfig.SCR.loadDeferredContext(any(HttpServletRequest.class)))
+				.willReturn(new TestDeferredSecurityContext(mock(SecurityContext.class), false));
 		this.mvc.perform(get("/"));
-		verify(DuplicateDoesNotOverrideConfig.SCR).loadContext(any(HttpServletRequest.class));
+		verify(DuplicateDoesNotOverrideConfig.SCR).loadDeferredContext(any(HttpServletRequest.class));
 	}
 
 	// SEC-2932

+ 3 - 1
config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java

@@ -27,6 +27,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.config.TestDeferredSecurityContext;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -103,7 +104,8 @@ public class SessionManagementConfigurerTests {
 	public void sessionManagementWhenConfiguredThenDoesNotOverrideSecurityContextRepository() throws Exception {
 		SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
 		given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
-				.loadContext(any(HttpServletRequest.class))).willReturn(() -> mock(SecurityContext.class));
+				.loadDeferredContext(any(HttpServletRequest.class)))
+						.willReturn(new TestDeferredSecurityContext(mock(SecurityContext.class), false));
 		this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
 		this.mvc.perform(get("/"));
 	}
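Review bot: This test stubs `loadDeferredContext` on the mock repository, but the visible body ends at `this.mvc.perform(get("/"));` with no verification, so it would pass even if the configured repository were never consulted. Since the stubbed method had to change here, adding `verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO).loadDeferredContext(any(HttpServletRequest.class));` after the request would make the test assert what its name claims. The matching test in SecurityContextConfigurerTests already does this. The `@Test` annotation and the lines above the signature are outside the hunk, and `verify` may need a static import in this file.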

+ 3 - 25
config/src/test/java/org/springframework/security/config/http/MiscHttpConfigTests.java

@@ -68,6 +68,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.jaas.AuthorityGranter;
+import org.springframework.security.config.TestDeferredSecurityContext;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.core.Authentication;
@@ -75,7 +76,6 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.context.DeferredSecurityContext;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
@@ -473,7 +473,8 @@ public class MiscHttpConfigTests {
 		this.spring.configLocations(xml("SecurityContextRepository")).autowire();
 		SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
 		SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
-		given(repository.loadContext(any(HttpServletRequest.class))).willReturn(() -> context);
+		given(repository.loadDeferredContext(any(HttpServletRequest.class)))
+				.willReturn(new TestDeferredSecurityContext(context, false));
 		// @formatter:off
 		MvcResult result = this.mvc.perform(get("/protected").with(userCredentials()))
 				.andExpect(status().isOk())
@@ -1039,27 +1040,4 @@ public class MiscHttpConfigTests {
 
 	}
 
-	static class TestDeferredSecurityContext implements DeferredSecurityContext {
-
-		private SecurityContext securityContext;
-
-		private boolean isGenerated;
-
-		TestDeferredSecurityContext(SecurityContext securityContext, boolean isGenerated) {
-			this.securityContext = securityContext;
-			this.isGenerated = isGenerated;
-		}
-
-		@Override
-		public SecurityContext get() {
-			return this.securityContext;
-		}
-
-		@Override
-		public boolean isGenerated() {
-			return this.isGenerated;
-		}
-
-	}
-
 }