SEC-2274: Add ApplicationContext as HttpSecurity shared object

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -151,6 +151,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
         authenticationBuilder.parentAuthenticationManager(authenticationManager);
         http = new HttpSecurity(objectPostProcessor,authenticationBuilder, parentAuthenticationBuilder.getSharedObjects());
         http.setSharedObject(UserDetailsService.class, userDetailsService());
+        http.setSharedObject(ApplicationContext.class, context);
         http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
         if(!disableDefaults) {
             http

config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy

@@ -243,6 +243,19 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
         }
     }
 
+    def "SEC-2274: WebSecurityConfigurer adds ApplicationContext as a shared object"() {
+        when:
+            loadConfig(ApplicationContextSharedObjectConfig)
+        then:
+            context.getBean(ApplicationContextSharedObjectConfig).http.getSharedObject(ApplicationContext) == context
+    }
+
+    @Configuration
+    @EnableWebSecurity
+    static class ApplicationContextSharedObjectConfig extends WebSecurityConfigurerAdapter {
+
+    }
+
     static class MyFilter extends OncePerRequestFilter {
         private UserDetailsService userDetailsService
         public MyFilter(UserDetailsService uds) {