HttpSessionSecurityContextRepository support null HttpServletResponse

Closes gh-11029

web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

@@ -122,10 +122,12 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 				this.logger.trace(LogMessage.format("Created %s", context));
 			}
 		}
-		SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
-				httpSession != null, context);
-		requestResponseHolder.setResponse(wrappedResponse);
-		requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
+		if (response != null) {
+			SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
+					httpSession != null, context);
+			requestResponseHolder.setResponse(wrappedResponse);
+			requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
+		}
 		return context;
 	}
 

web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java

@@ -133,6 +133,14 @@ public class HttpSessionSecurityContextRepositoryTests {
 		assertThat(request.getSession(false)).isNull();
 	}
 
+	@Test
+	public void loadContextWhenNullResponse() {
+		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null);
+		assertThat(repo.loadContext(holder)).isEqualTo(SecurityContextHolder.createEmptyContext());
+	}
+
 	@Test
 	public void existingContextIsSuccessFullyLoadedFromSessionAndSavedBack() {
 		HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();