
Optimize HttpSessionSecurityContextRepository

Closes gh-9387
Rob Winch 4 years ago
parent
commit
7cab7b06c5

+ 5 - 9
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

@@ -142,13 +142,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 							+ response
 							+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
 		}
-		// saveContext() might already be called by the response wrapper
-		// if something in the chain called sendError() or sendRedirect(). This ensures we
-		// only call it
-		// once per request.
-		if (!responseWrapper.isContextSaved()) {
-			responseWrapper.saveContext(context);
-		}
+		responseWrapper.saveContext(context);
 	}
 
 	public boolean containsContext(HttpServletRequest request) {
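Review bot: With the `isContextSaved()` guard removed, `responseWrapper.saveContext(context)` now runs a second time on requests where the wrapper already saved on `sendError()` or `sendRedirect()`, and the comment explaining the once-per-request rule was deleted without a replacement. Whether the repeated call is safe now rests on the wrapper's own checks (the `isSaveContextInvoked` flag added in the later hunks), so state that here, e.g. `// the wrapper may already have saved on sendError()/sendRedirect(); calling again persists changes made after that point`. A test covering a second call after the response is committed would be worth adding, since the session-creation path is not visible in this hunk and may behave differently once the response can no longer carry a new session cookie. The enclosing method starts outside the hunk.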
@@ -305,6 +299,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		private final boolean httpSessionExistedAtStartOfRequest;
 		private final SecurityContext contextBeforeExecution;
 		private final Authentication authBeforeExecution;
+		private boolean isSaveContextInvoked;
 
 		/**
 		 * Takes the parameters required to call <code>saveContext()</code> successfully
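Review bot: The name `isSaveContextInvoked` does not match how the field is used: in the hunks at -355 and -371 it is set only inside the branches that remove or set the session attribute, so a `saveContext()` call that takes the plain `return` leaves it false. A name such as `sessionAttributeWritten`, or a comment like `// set once this wrapper has written or removed the security context session attribute`, would keep a later reader from relying on the wrong meaning. The field is also a plain non-final `boolean` next to three `final` fields; if this wrapper can be reached from more than one thread during async processing (not visible here), confirm that the write is visible to the thread that performs the final save.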
@@ -355,6 +350,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 					// SEC-1587 A non-anonymous context may still be in the session
 					// SEC-1735 remove if the contextBeforeExecution was not anonymous
 					httpSession.removeAttribute(springSecurityContextKey);
+					this.isSaveContextInvoked = true;
 				}
 				return;
 			}
@@ -371,7 +367,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 				if (contextChanged(context)
 						|| httpSession.getAttribute(springSecurityContextKey) == null) {
 					httpSession.setAttribute(springSecurityContextKey, context);
-
+					this.isSaveContextInvoked = true;
 					if (logger.isDebugEnabled()) {
 						logger.debug("SecurityContext '" + context
 								+ "' stored to HttpSession: '" + httpSession);
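Review bot: Setting the flag after `httpSession.setAttribute(...)` here, combined with the `this.isSaveContextInvoked ||` term added to `contextChanged` in the last hunk, makes every `saveContext()` call after the first write store the attribute again whether or not the context differs. If that is intended so that authentication changes made after an early save are persisted, say so at the assignment, e.g. `// from now on always re-save: the before-execution references no longer describe what is in the session`. If only real changes should be rewritten, tracking the last saved context and authentication instead of a boolean would avoid the repeated write, at the cost of making the two `final` reference fields updatable. The enclosing `if` and the debug block continue past the end of this hunk.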
@@ -381,7 +377,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 		}
 
 		private boolean contextChanged(SecurityContext context) {
-			return context != contextBeforeExecution
+			return this.isSaveContextInvoked || context != contextBeforeExecution
 					|| context.getAuthentication() != authBeforeExecution;
 		}