diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
index 7eb77522e6..700531d588 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServerBearerExchangeFilterFunction.java
@@ -18,9 +18,7 @@ package org.springframework.security.oauth2.server.resource.web.reactive.functio
 import reactor.core.publisher.Mono;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
@@ -52,9 +50,6 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 public final class ServerBearerExchangeFilterFunction
 implements ExchangeFilterFunction {
- private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
- AuthorityUtils.createAuthorityList("ROLE_USER"));
-
 /**
 * {@inheritDoc}
 */
@@ -75,8 +70,7 @@ public final class ServerBearerExchangeFilterFunction
 private Mono currentAuthentication() {
 return ReactiveSecurityContextHolder.getContext()
- .map(SecurityContext::getAuthentication)
- .defaultIfEmpty(ANONYMOUS_USER_TOKEN);
+ .map(SecurityContext::getAuthentication);
 }
 private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
index f7414b8f10..e85540761b 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/reactive/function/client/ServletBearerExchangeFilterFunction.java
@@ -18,9 +18,7 @@ package org.springframework.security.oauth2.server.resource.web.reactive.functio
 import reactor.core.publisher.Mono;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.web.reactive.function.client.ClientRequest;
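Review bot: In `currentAuthentication()` of ServerBearerExchangeFilterFunction, `.map(SecurityContext::getAuthentication)` throws a NullPointerException if a SecurityContext is present but holds no Authentication, because Reactor's `map` rejects a null result. The removed `defaultIfEmpty` never covered that case either, but now that the method is meant to complete empty for unauthenticated callers it should do so here as well. Consider `.flatMap(ctx -> Mono.justOrEmpty(ctx.getAuthentication()))`, which matches the `Mono.justOrEmpty(...)` form used in ServletBearerExchangeFilterFunction. The code that consumes this Mono is outside the hunk, so confirm there that an empty result still sends the request, just without a bearer header.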
@@ -51,9 +49,6 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
 public final class ServletBearerExchangeFilterFunction
 implements ExchangeFilterFunction {
- private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken("anonymous", "anonymousUser",
- AuthorityUtils.createAuthorityList("ROLE_USER"));
-
 /**
 * {@inheritDoc}
 */
@@ -73,8 +68,7 @@ public final class ServletBearerExchangeFilterFunction
 }
 private Mono currentAuthentication() {
- return Mono.justOrEmpty(SecurityContextHolder.getContext().getAuthentication())
- .defaultIfEmpty(ANONYMOUS_USER_TOKEN);
+ return Mono.justOrEmpty(SecurityContextHolder.getContext().getAuthentication());
 }
 private ClientRequest bearer(ClientRequest request, AbstractOAuth2Token token) {
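Review bot: `currentAuthentication()` in ServletBearerExchangeFilterFunction now completes empty when `SecurityContextHolder` has no Authentication, and nothing in the hunk documents that contract. I would add a comment above the return such as `// Empty when no Authentication is available from SecurityContextHolder; the request is then expected to be sent without a bearer token`. The consumers of this Mono lie outside the hunk, so that they tolerate an empty signal is inferred rather than visible here. A test for the unauthenticated case would pin down that the exchange still happens and carries no Authorization header.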