Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Use HttpSessionSecurityContextRepository by default in SwitchUserFilter

Closes gh-12834
Marcus Da Coregio 2 years ago
parent
094bf1b527
commit
84cca81edf
2 changed files with 5 additions and 4 deletions
Split View Show Diff Stats
  1. 2 1
      web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
  2. 3 3
      web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java

+ 2 - 1
web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
View File 

@@ -58,6 +58,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 
 import org.springframework.security.web.context.SecurityContextRepository;
 
 import org.springframework.security.web.util.UrlUtils;
 
@@ -144,7 +145,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv
 
 
 	private AuthenticationFailureHandler failureHandler;
 
 
-	private SecurityContextRepository securityContextRepository = new RequestAttributeSecurityContextRepository();
 
+	private SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
 
 
 	@Override
 
 	public void afterPropertiesSet() {

+ 3 - 3
web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
View File 

@@ -47,7 +47,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import org.springframework.security.util.FieldUtils;
 
 import org.springframework.security.web.DefaultRedirectStrategy;
 
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 
 import org.springframework.security.web.context.SecurityContextRepository;
 
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import org.springframework.test.util.ReflectionTestUtils;
 
@@ -491,10 +491,10 @@ public class SwitchUserFilterTests {
 
 	}
 
 
 	@Test
 
-	void filterWhenDefaultSecurityContextRepositoryThenRequestAttributeRepository() {
 
+	void filterWhenDefaultSecurityContextRepositoryThenHttpSessionRepository() {
 
 		SwitchUserFilter switchUserFilter = new SwitchUserFilter();
 
 		assertThat(ReflectionTestUtils.getField(switchUserFilter, "securityContextRepository"))
 
-				.isInstanceOf(RequestAttributeSecurityContextRepository.class);
 
+				.isInstanceOf(HttpSessionSecurityContextRepository.class);
 
 	}
 
 
 	@Test