10 жил өмнө · f548d89b27
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurer.java
@@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
				 import org.springframework.security.config.http.SessionCreationPolicy;
			
 
				 import org.springframework.security.core.context.SecurityContext;
			
 
				 import org.springframework.security.core.context.SecurityContextHolder;
			
 
				+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
			
 
				 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
			
 
				 import org.springframework.security.web.context.SecurityContextRepository;
			
 
				 
			
@@ -85,6 +86,9 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> e
 
				 
			
 
				 		SecurityContextRepository securityContextRepository = http
			
 
				 				.getSharedObject(SecurityContextRepository.class);
			
 
				+		if(securityContextRepository == null) {
			
 
				+			securityContextRepository = new HttpSessionSecurityContextRepository();
			
 
				+		}
			
 
				 		SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
			
 
				 				securityContextRepository);
			
 
				 		SessionManagementConfigurer<?> sessionManagement = http
			
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.groovy
@@ -24,6 +24,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 
				 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
			
 
				 import org.springframework.security.web.context.SecurityContextPersistenceFilter
			
 
				 import org.springframework.security.web.context.SecurityContextRepository
			
 
				+import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
			
 
				 
			
 
				 /**
			
 
				  *
			
@@ -67,4 +68,44 @@ class SecurityContextConfigurerTests extends BaseSpringSpec {
 
				 				.securityContext()
			
 
				 		}
			
 
				 	}
			
 
				+
			
 
				+	def 'SEC-2932: SecurityContextConfigurer defaults SecurityContextRepository'() {
			
 
				+		setup: 'Configuration without default SecurityContextRepository setup'
			
 
				+		loadConfig(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig)
			
 
				+		when: 'Spring Security invoked'
			
 
				+		springSecurityFilterChain.doFilter(request,response,chain)
			
 
				+		then: 'no exception thrown'
			
 
				+		noExceptionThrown()
			
 
				+	}
			
 
				+
			
 
				+	@Configuration
			
 
				+	@EnableWebSecurity
			
 
				+	static class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
			
 
				+		public SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig() {
			
 
				+			super(true);
			
 
				+		}
			
 
				+
			
 
				+		@Override
			
 
				+		protected void configure(HttpSecurity http) throws Exception {
			
 
				+			// @formatter:off
			
 
				+			http
			
 
				+				.addFilter(new WebAsyncManagerIntegrationFilter())
			
 
				+				.anonymous().and()
			
 
				+				.securityContext().and()
			
 
				+				.authorizeRequests()
			
 
				+					.anyRequest().permitAll()
			
 
				+					.and()
			
 
				+				.httpBasic();
			
 
				+			// @formatter:on
			
 
				+		}
			
 
				+
			
 
				+		// @formatter:off
			
 
				+		@Override
			
 
				+		protected void configure(AuthenticationManagerBuilder auth) {
			
 
				+			auth
			
 
				+			.inMemoryAuthentication()
			
 
				+			.withUser("user").password("password").roles("USER")
			
 
				+		}
			
 
				+		// @formatter:on
			
 
				+	}
			
 
				 }