GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Optimize HttpSessionSecurityContextRepository 

Closes gh-9387
pull/9866/head
Rob Winch 5 years ago committed by Josh Cummings
parent
f60daa5152
commit
7cab7b06c5
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 5 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

14
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
Unescape View File

@ -142,13 +142,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo @@ -142,13 +142,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
+ response
+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
}
// saveContext() might already be called by the response wrapper
// if something in the chain called sendError() or sendRedirect(). This ensures we
// only call it
// once per request.
if (!responseWrapper.isContextSaved()) {
responseWrapper.saveContext(context);
}
responseWrapper.saveContext(context);
}
public boolean containsContext(HttpServletRequest request) {
@ -305,6 +299,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo @@ -305,6 +299,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
private final boolean httpSessionExistedAtStartOfRequest;
private final SecurityContext contextBeforeExecution;
private final Authentication authBeforeExecution;
private boolean isSaveContextInvoked;
/**
* Takes the parameters required to call <code>saveContext()</code> successfully
@ -355,6 +350,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo @@ -355,6 +350,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
// SEC-1587 A non-anonymous context may still be in the session
// SEC-1735 remove if the contextBeforeExecution was not anonymous
httpSession.removeAttribute(springSecurityContextKey);
this.isSaveContextInvoked = true;
}
return;
}
@ -371,7 +367,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo @@ -371,7 +367,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
if (contextChanged(context)
|| httpSession.getAttribute(springSecurityContextKey) == null) {
httpSession.setAttribute(springSecurityContextKey, context);
this.isSaveContextInvoked = true;
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext '" + context
+ "' stored to HttpSession: '" + httpSession);
@ -381,7 +377,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo @@ -381,7 +377,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
}
private boolean contextChanged(SecurityContext context) {
return context != contextBeforeExecution
return this.isSaveContextInvoked || context != contextBeforeExecution
|| context.getAuthentication() != authBeforeExecution;
}

Write Preview
Loading…
Cancel
Save