Pick Up Custom SecurityContextRespository

Closes gh-12579

config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java

@@ -380,6 +380,9 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 				http.setSharedObject(SecurityContextRepository.class, defaultRepository);
 			}
 		}
+		else {
+			this.sessionManagementSecurityContextRepository = securityContextRepository;
+		}
 		RequestCache requestCache = http.getSharedObject(RequestCache.class);
 		if (requestCache == null) {
 			if (stateless) {

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java

@@ -125,6 +125,18 @@ public class SessionManagementConfigurerTests {
 		this.mvc.perform(get("/"));
 	}
 
+	@Test
+	public void sessionManagementWhenSecurityContextRepositoryIsConfiguredThenUseIt() throws Exception {
+		SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
+		given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
+				.loadDeferredContext(any(HttpServletRequest.class)))
+						.willReturn(new TestDeferredSecurityContext(mock(SecurityContext.class), false));
+		this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
+		this.mvc.perform(get("/"));
+		verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO)
+				.containsContext(any(HttpServletRequest.class));
+	}
+
 	@Test
 	public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 		this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();