Commit b48b10a

committed

Pick Up SecurityContextHolderStrategy Bean

This commit provides the SecurityContextHolderStrategy bean to ProviderManager instances that the HttpSecurity DSL constructs.

1 parent 2524a07 commit b48b10aCopy full SHA for b48b10a

File tree

6 files changed

+45

-2

lines changed

config/src/main/java/org/springframework/security/config
- annotation
  - authentication
    - builders
      - AuthenticationManagerBuilder.java
    - configuration
      - AuthenticationConfiguration.java
  - method/configuration
    - GlobalMethodSecurityConfiguration.java
  - web
    - configuration
      - HttpSecurityConfiguration.java
    - configurers
      - WebAuthnConfigurer.java
- authentication
  - AuthenticationManagerFactoryBean.java

6 files changed

+45

-2

lines changed

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java`

Lines changed: 30 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,10 +18,14 @@`
`18`	`18`
`19`	`19`	`import java.util.ArrayList;`
`20`	`20`	`import java.util.List;`
	`21`	`+import java.util.stream.Stream;`
`21`	`22`
`22`	`23`	`import org.apache.commons.logging.Log;`
`23`	`24`	`import org.apache.commons.logging.LogFactory;`
	`25`	`+import org.jspecify.annotations.Nullable;`
`24`	`26`
	`27`	`+import org.springframework.beans.factory.BeanFactory;`
	`28`	`+import org.springframework.beans.factory.ObjectProvider;`
`25`	`29`	`import org.springframework.security.authentication.AuthenticationEventPublisher;`
`26`	`30`	`import org.springframework.security.authentication.AuthenticationManager;`
`27`	`31`	`import org.springframework.security.authentication.AuthenticationProvider;`
`@@ -37,6 +41,8 @@`
`37`	`41`	`import org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer;`
`38`	`42`	`import org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer;`
`39`	`43`	`import org.springframework.security.core.Authentication;`
	`44`	`+import org.springframework.security.core.context.SecurityContextHolder;`
	`45`	`+import org.springframework.security.core.context.SecurityContextHolderStrategy;`
`40`	`46`	`import org.springframework.security.core.userdetails.UserDetailsService;`
`41`	`47`	`import org.springframework.util.Assert;`
`42`	`48`
`@@ -235,6 +241,10 @@ protected ProviderManager performBuild() throws Exception {`
`235`	`241`	`if (this.eventPublisher != null) {`
`236`	`242`	`providerManager.setAuthenticationEventPublisher(this.eventPublisher);`
`237`	`243`	`}`
	`244`	`+ SecurityContextHolderStrategy securityContextHolderStrategy = getBeanProvider(`
	`245`	`+ SecurityContextHolderStrategy.class)`
	`246`	`+ .getIfUnique(SecurityContextHolder::getContextHolderStrategy);`
	`247`	`+ providerManager.setSecurityContextHolderStrategy(securityContextHolderStrategy);`
`238`	`248`	`providerManager = postProcess(providerManager);`
`239`	`249`	`return providerManager;`
`240`	`250`	`}`
`@@ -283,4 +293,24 @@ public UserDetailsService getDefaultUserDetailsService() {`
`283`	`293`	`return configurer;`
`284`	`294`	`}`
`285`	`295`
	`296`	`+ private <C> ObjectProvider<C> getBeanProvider(Class<C> clazz) {`
	`297`	`+ BeanFactory beanFactory = getSharedObject(BeanFactory.class);`
	`298`	`+ return (beanFactory != null) ? beanFactory.getBeanProvider(clazz) : new SingleObjectProvider<>(null);`
	`299`	`+ }`
	`300`	`+`
	`301`	`+ private static final class SingleObjectProvider<O> implements ObjectProvider<O> {`
	`302`	`+`
	`303`	`+ private final @Nullable O object;`
	`304`	`+`
	`305`	`+ private SingleObjectProvider(@Nullable O object) {`
	`306`	`+ this.object = object;`
	`307`	`+ }`
	`308`	`+`
	`309`	`+ @Override`
	`310`	`+ public Stream<O> stream() {`
	`311`	`+ return Stream.ofNullable(this.object);`
	`312`	`+ }`
	`313`	`+`
	`314`	`+ }`
	`315`	`+`
`286`	`316`	`}`

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@`
`27`	`27`
`28`	`28`	`import org.springframework.aop.framework.ProxyFactoryBean;`
`29`	`29`	`import org.springframework.aop.target.LazyInitTargetSource;`
	`30`	`+import org.springframework.beans.factory.BeanFactory;`
`30`	`31`	`import org.springframework.beans.factory.BeanFactoryUtils;`
`31`	`32`	`import org.springframework.beans.factory.annotation.Autowired;`
`32`	`33`	`import org.springframework.context.ApplicationContext;`
`@@ -83,6 +84,7 @@ public AuthenticationManagerBuilder authenticationManagerBuilder(ObjectPostProce`
`83`	`84`	`AuthenticationEventPublisher authenticationEventPublisher = getAuthenticationEventPublisher(context);`
`84`	`85`	`DefaultPasswordEncoderAuthenticationManagerBuilder result = new DefaultPasswordEncoderAuthenticationManagerBuilder(`
`85`	`86`	`objectPostProcessor, defaultPasswordEncoder);`
	`87`	`+ result.setSharedObject(BeanFactory.class, this.applicationContext);`
`86`	`88`	`if (authenticationEventPublisher != null) {`
`87`	`89`	`result.authenticationEventPublisher(authenticationEventPublisher);`
`88`	`90`	`}`

`‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -318,6 +318,7 @@ protected AuthenticationManager authenticationManager() throws Exception {`
`318`	`318`	`.postProcess(new DefaultAuthenticationEventPublisher());`
`319`	`319`	`this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);`
`320`	`320`	`this.auth.authenticationEventPublisher(eventPublisher);`
	`321`	`+ this.auth.setSharedObject(BeanFactory.class, this.context);`
`321`	`322`	`configure(this.auth);`
`322`	`323`	`this.authenticationManager = (this.disableAuthenticationRegistry)`
`323`	`324`	`? getAuthenticationConfiguration().getAuthenticationManager() : this.auth.build();`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`import java.util.List;`
`22`	`22`	`import java.util.Map;`
`23`	`23`
	`24`	`+import org.springframework.beans.factory.BeanFactory;`
`24`	`25`	`import org.springframework.beans.factory.ObjectProvider;`
`25`	`26`	`import org.springframework.beans.factory.annotation.Autowired;`
`26`	`27`	`import org.springframework.context.ApplicationContext;`
`@@ -116,6 +117,7 @@ HttpSecurity httpSecurity() throws Exception {`
`116`	`117`	`LazyPasswordEncoder passwordEncoder = new LazyPasswordEncoder(this.context);`
`117`	`118`	`AuthenticationManagerBuilder authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(`
`118`	`119`	`this.objectPostProcessor, passwordEncoder);`
	`120`	`+ authenticationBuilder.setSharedObject(BeanFactory.class, this.context);`
`119`	`121`	`authenticationBuilder.parentAuthenticationManager(authenticationManager());`
`120`	`122`	`authenticationBuilder.authenticationEventPublisher(getAuthenticationEventPublisher());`
`121`	`123`	`HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -162,8 +162,10 @@ public void configure(H http) throws Exception {`
`162`	`162`	`WebAuthnRelyingPartyOperations rpOperations = webAuthnRelyingPartyOperations(userEntities, userCredentials);`
`163`	`163`	`PublicKeyCredentialCreationOptionsRepository creationOptionsRepository = creationOptionsRepository();`
`164`	`164`	`WebAuthnAuthenticationFilter webAuthnAuthnFilter = new WebAuthnAuthenticationFilter();`
`165`		`- webAuthnAuthnFilter.setAuthenticationManager(`
`166`		`- new ProviderManager(new WebAuthnAuthenticationProvider(rpOperations, userDetailsService)));`
	`165`	`+ ProviderManager manager = new ProviderManager(`
	`166`	`+ new WebAuthnAuthenticationProvider(rpOperations, userDetailsService));`
	`167`	`+ manager.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());`
	`168`	`+ webAuthnAuthnFilter.setAuthenticationManager(manager);`
`167`	`169`	`WebAuthnRegistrationFilter webAuthnRegistrationFilter = new WebAuthnRegistrationFilter(userCredentials,`
`168`	`170`	`rpOperations);`
`169`	`171`	`PublicKeyCredentialCreationOptionsFilter creationOptionsFilter = new PublicKeyCredentialCreationOptionsFilter(`

`‎config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,8 @@`
`30`	`30`	`import org.springframework.security.authentication.ProviderManager;`
`31`	`31`	`import org.springframework.security.authentication.dao.DaoAuthenticationProvider;`
`32`	`32`	`import org.springframework.security.config.BeanIds;`
	`33`	`+import org.springframework.security.core.context.SecurityContextHolder;`
	`34`	`+import org.springframework.security.core.context.SecurityContextHolderStrategy;`
`33`	`35`	`import org.springframework.security.core.userdetails.UserDetailsService;`
`34`	`36`	`import org.springframework.security.crypto.password.PasswordEncoder;`
`35`	`37`
`@@ -72,6 +74,10 @@ public AuthenticationManager getObject() throws Exception {`
`72`	`74`	`}`
`73`	`75`	`provider.afterPropertiesSet();`
`74`	`76`	`ProviderManager manager = new ProviderManager(Arrays.asList(provider));`
	`77`	`+ SecurityContextHolderStrategy securityContextHolderStrategy = this.bf`
	`78`	`+ .getBeanProvider(SecurityContextHolderStrategy.class)`
	`79`	`+ .getIfUnique(SecurityContextHolder::getContextHolderStrategy);`
	`80`	`+ manager.setSecurityContextHolderStrategy(securityContextHolderStrategy);`
`75`	`81`	`if (this.observationRegistry.isNoop()) {`
`76`	`82`	`return manager;`
`77`	`83`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit b48b10a

File tree

6 files changed

6 files changed

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java`

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java`

`‎config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java`

0 commit comments