
Reactive Basic does not create session by default

Fixes: gh-4825
Rob Winch 7 years ago
parent
commit
942b51dba7

+ 4 - 4
config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java

@@ -27,6 +27,10 @@ public enum SecurityWebFiltersOrder {
 	 * {@link org.springframework.security.web.server.csrf.CsrfWebFilter}
 	 */
 	CSRF,
+	/**
+	 * {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
+	 */
+	REACTOR_CONTEXT,
 	/**
 	 * Instance of AuthenticationWebFilter
 	 */
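Review bot: The Javadoc added for `REACTOR_CONTEXT` only links the filter class and does not say why the constant now sits ahead of the authentication entries. If filter order is derived from the declaration order of this enum (not visible in the hunk), the position is behaviour: a custom filter registered relative to `REACTOR_CONTEXT` now runs before `FORM_LOGIN` and `AUTHENTICATION` instead of after them. I would extend the comment with a line such as `* Declared before the authentication filters; they publish the context of a fresh login themselves.` so that a later reorder does not silently change who sees the authenticated principal.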
@@ -36,10 +40,6 @@ public enum SecurityWebFiltersOrder {
 	 */
 	FORM_LOGIN,
 	AUTHENTICATION,
-	/**
-	 * {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
-	 */
-	REACTOR_CONTEXT,
 	LOGIN_PAGE_GENERATING,
 	LOGOUT_PAGE_GENERATING,
 	/**

+ 0 - 3
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -229,9 +229,6 @@ public class ServerHttpSecurity {
 		}
 		if(this.httpBasic != null) {
 			this.httpBasic.authenticationManager(this.authenticationManager);
-			if(this.securityContextRepository != null) {
-				this.httpBasic.securityContextRepository(this.securityContextRepository);
-			}
 			this.httpBasic.configure(this);
 		}
 		if(this.formLogin != null) {

+ 1 - 1
config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java

@@ -100,7 +100,7 @@ public class ServerHttpSecurityTests {
 			.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
 			.returnResult();
 
-		assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull();
+		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
 	@Test
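Review bot: The changed assertion only proves that no cookie named `SESSION` comes back, so it would still pass if a session cookie were issued under a different name. Asserting on the whole cookie map, e.g. `assertThat(result.getResponseCookies()).isEmpty();`, is stricter, provided this request is not expected to set any other cookie (the request setup is above the hunk). The commit also stops forwarding an explicitly configured `securityContextRepository` to `httpBasic` in ServerHttpSecurity.java, and nothing visible here tests what happens when an application sets one.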

+ 3 - 1
web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java

@@ -18,6 +18,7 @@ package org.springframework.security.web.server.authentication;
 import java.util.function.Function;
 
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import reactor.core.publisher.Mono;
 
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -82,7 +83,8 @@ public class AuthenticationWebFilter implements WebFilter {
 		securityContext.setAuthentication(authentication);
 		return this.securityContextRepository.save(exchange, securityContext)
 			.then(this.authenticationSuccessHandler
-				.onAuthenticationSuccess(webFilterExchange, authentication));
+				.onAuthenticationSuccess(webFilterExchange, authentication))
+			.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
 	}
 
 	public void setSecurityContextRepository(
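Review bot: The `.subscriberContext(...)` call added at the end of the chain has no comment explaining why the new context must go into the Reactor context when `securityContextRepository.save(...)` is still called two lines above. Judging from the rest of the commit, HTTP Basic no longer gets a session-backed repository, so within this request the success handler and everything it triggers can only see the authentication through the subscriber context. A comment such as `// the repository may not persist anything (stateless Basic); expose the context to the rest of this request` would record that. The method and the field's default are declared above the hunk, so it is worth confirming that the default repository really stores nothing.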