
Polish SecurityContextHolderStrategy XML Configuration for Defaults

Issue gh-11061
Josh Cummings 3 years ago
parent
commit
8d681b3b80

+ 6 - 6
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -236,7 +236,7 @@ final class AuthenticationConfigBuilder {
 
 	AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc,
 			SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 			BeanReference authenticationFilterSecurityContextRepositoryRef, BeanReference sessionStrategy,
 			BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
 		this.httpElt = element;
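Review bot: The parameter `authenticationFilterSecurityContextHolderStrategyRef` keeps its `Ref` suffix in this constructor, but after the widening to `BeanMetadataElement` it can carry an inline bean definition as well as a reference. The same applies to `createFormLoginFilter`, `createBasicFilter`, `createLogoutFilter`, `createAnonymousFilter`, `createExceptionTranslationFilter` and the `LogoutBeanDefinitionParser` constructor. A short comment on the field or constructor would help, for example `// RuntimeBeanReference when security-context-holder-strategy-ref is set, otherwise an inline SecurityContextHolderStrategyFactory definition`, so a later maintainer does not assume a bean name can always be recovered from it. The constructor body continues outside this hunk.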
@@ -295,7 +295,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 			BeanReference authenticationFilterSecurityContextRepositoryRef) {
 		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 		RootBeanDefinition formFilter = null;
@@ -570,7 +570,7 @@ final class AuthenticationConfigBuilder {
 	}
 
 	void createBasicFilter(BeanReference authManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
 		if (basicAuthElt == null && !this.autoConfig) {
 			// No basic auth, do nothing
@@ -747,7 +747,7 @@ final class AuthenticationConfigBuilder {
 		}
 	}
 
-	void createLogoutFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createLogoutFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
 		if (logoutElt != null || this.autoConfig) {
 			String formLoginPage = this.formLoginPage;
@@ -812,7 +812,7 @@ final class AuthenticationConfigBuilder {
 		return this.csrfIgnoreRequestMatchers;
 	}
 
-	void createAnonymousFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createAnonymousFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
 		if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 			return;
@@ -858,7 +858,7 @@ final class AuthenticationConfigBuilder {
 		return Long.toString(random.nextLong());
 	}
 
-	void createExceptionTranslationFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createExceptionTranslationFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
 		this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
 		etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);

+ 8 - 9
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -161,7 +161,7 @@ class HttpConfigurationBuilder {
 
 	private BeanDefinition forceEagerSessionCreationFilter;
 
-	private BeanReference holderStrategyRef;
+	private BeanMetadataElement holderStrategyRef;
 
 	private BeanReference contextRepoRef;
 
@@ -302,7 +302,7 @@ class HttpConfigurationBuilder {
 		return lowerCase ? path.toLowerCase() : path;
 	}
 
-	BeanReference getSecurityContextHolderStrategyForAuthenticationFilters() {
+	BeanMetadataElement getSecurityContextHolderStrategyForAuthenticationFilters() {
 		return this.holderStrategyRef;
 	}
 
@@ -351,13 +351,12 @@ class HttpConfigurationBuilder {
 
 	private void createSecurityContextHolderStrategy() {
 		String holderStrategyRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY);
-		if (!StringUtils.hasText(holderStrategyRef)) {
-			BeanDefinition holderStrategyBean = BeanDefinitionBuilder
-					.rootBeanDefinition(SecurityContextHolderStrategyFactory.class).getBeanDefinition();
-			holderStrategyRef = this.pc.getReaderContext().generateBeanName(holderStrategyBean);
-			this.pc.registerBeanComponent(new BeanComponentDefinition(holderStrategyBean, holderStrategyRef));
+		if (StringUtils.hasText(holderStrategyRef)) {
+			this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+			return;
 		}
-		this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+		this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class)
+				.getBeanDefinition();
 	}
 
 	private void createSecurityContextRepository() {
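Review bot: The default branch of `createSecurityContextHolderStrategy` now stores an unregistered `BeanDefinition` instead of a `RuntimeBeanReference` to one registered bean, so each filter that receives `holderStrategyRef` as a property value presumably resolves its own inner bean rather than sharing one. That is fine only if `SecurityContextHolderStrategyFactory` always hands back the strategy held by `SecurityContextHolder`, which is not visible in this diff; if it did not, filters that store and read the authenticated context could disagree on where it lives. I would record the assumption above the assignment, e.g. `// inner bean per consumer; relies on the factory returning the shared SecurityContextHolder strategy`, and cover it with a config test asserting that the default filters end up with the same strategy instance. Separately, the local `String holderStrategyRef` shadows the field of the same name; renaming it to something like `holderStrategyBeanName` would make the two `this.holderStrategyRef = ...` assignments easier to follow.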

+ 3 - 4
config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import org.w3c.dom.Element;
 
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.BeanReference;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
@@ -62,10 +61,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 
 	private BeanMetadataElement logoutSuccessHandler;
 
-	private BeanReference authenticationFilterSecurityContextHolderStrategyRef;
+	private BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef;
 
 	LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		this.defaultLogoutUrl = loginPageUrl + "?logout";
 		this.rememberMeServices = rememberMeServices;
 		this.csrfEnabled = csrfLogoutHandler != null;