SEC-3047: SecurityContextHolderAwareRequestFactory update RequestFactory

web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java

@@ -94,6 +94,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	public void setRolePrefix(String rolePrefix) {
 		Assert.notNull(rolePrefix, "Role prefix must not be null");
 		this.rolePrefix = rolePrefix;
+		updateFactory();
 	}
 
 	/**
@@ -172,6 +173,10 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	@Override
 	public void afterPropertiesSet() throws ServletException {
 		super.afterPropertiesSet();
+		updateFactory();
+	}
+
+	private void updateFactory() {
 		requestFactory = isServlet3() ? createServlet3Factory(rolePrefix)
 				: new HttpServlet25RequestFactory(trustResolver, rolePrefix);
 	}
@@ -186,6 +191,7 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 	public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
 		Assert.notNull(trustResolver, "trustResolver cannot be null");
 		this.trustResolver = trustResolver;
+		updateFactory();
 	}
 
 	private HttpServletRequestFactory createServlet3Factory(String rolePrefix) {

web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java

@@ -379,6 +379,16 @@ public class SecurityContextHolderAwareRequestFilterTests {
 				.isEqualTo(runnable);
 	}
 
+	// SEC-3047
+	@Test
+	public void updateRequestFactory() throws Exception {
+		SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user",
+				"password", "PREFIX_USER"));
+		filter.setRolePrefix("PREFIX_");
+
+		assertThat(wrappedRequest().isUserInRole("PREFIX_USER")).isTrue();;
+	}
+
 	private HttpServletRequest wrappedRequest() throws Exception {
 		filter.doFilter(request, response, filterChain);
 		verify(filterChain).doFilter(requestCaptor.capture(),