From c63b258b1687a7811e5df554d41e1d8824a6b341 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 25 Oct 2017 16:36:38 -0500
Subject: [PATCH] AuthorizeWebFilter uses ReactiveSecurityContextHolder
Issue gh-4719
---
 .../web/server/authorization/AuthorizationWebFilter.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index eb146026bd..e703b8b724 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -17,6 +17,9 @@ package org.springframework.security.web.server.authorization;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
@@ -37,7 +40,9 @@ public class AuthorizationWebFilter implements WebFilter {
 @Override
 public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
- return accessDecisionManager.verify(exchange.getPrincipal(), exchange)
- .switchIfEmpty( Mono.defer(() -> chain.filter(exchange)) );
+ return ReactiveSecurityContextHolder.getContext()
+ .map(SecurityContext::getAuthentication)
+ .as( authentication -> this.accessDecisionManager.verify(authentication, exchange))
+ .switchIfEmpty(chain.filter(exchange));
 }
 }
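Review bot: The new `.switchIfEmpty(chain.filter(exchange))` in `filter` drops the `Mono.defer` that the removed line had, so `chain.filter(exchange)` is now called while the pipeline is being assembled, before `verify` has produced a decision and even when it ends in an access-denied error. Whether that runs any downstream filter code depends on the `WebFilterChain` implementation, which is not visible here; keeping `.switchIfEmpty(Mono.defer(() -> chain.filter(exchange)));` makes this filter itself guarantee that nothing downstream is touched until `verify` has completed without error. Separately, `.map(SecurityContext::getAuthentication)` fails with a NullPointerException from Reactor if a context is present but carries no Authentication, so a `.filter(c -> c.getAuthentication() != null)` before the `map` would hand `verify` an empty Mono instead of an error. The `SecurityContextImpl` import added in the first hunk is not used by any line shown in this patch.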