@ -1,5 +1,5 @@
@@ -1,5 +1,5 @@
/ *
* Copyright 2002 - 2019 the original author or authors .
* Copyright 2002 - 2022 the original author or authors .
*
* Licensed under the Apache License , Version 2 . 0 ( the "License" ) ;
* you may not use this file except in compliance with the License .
@ -32,6 +32,7 @@ import org.springframework.security.core.Authentication;
@@ -32,6 +32,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException ;
import org.springframework.security.core.context.SecurityContext ;
import org.springframework.security.core.context.SecurityContextHolder ;
import org.springframework.security.core.context.SecurityContextHolderStrategy ;
import org.springframework.security.web.context.NullSecurityContextRepository ;
import org.springframework.security.web.context.SecurityContextRepository ;
import org.springframework.security.web.util.matcher.AnyRequestMatcher ;
@ -67,6 +68,9 @@ import org.springframework.web.filter.OncePerRequestFilter;
@@ -67,6 +68,9 @@ import org.springframework.web.filter.OncePerRequestFilter;
* /
public class AuthenticationFilter extends OncePerRequestFilter {
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
. getContextHolderStrategy ( ) ;
private RequestMatcher requestMatcher = AnyRequestMatcher . INSTANCE ;
private AuthenticationConverter authenticationConverter ;
@ -151,6 +155,17 @@ public class AuthenticationFilter extends OncePerRequestFilter {
@@ -151,6 +155,17 @@ public class AuthenticationFilter extends OncePerRequestFilter {
this . securityContextRepository = securityContextRepository ;
}
/ * *
* Sets the { @link SecurityContextHolderStrategy } to use . The default action is to use
* the { @link SecurityContextHolderStrategy } stored in { @link SecurityContextHolder } .
*
* @since 5 . 8
* /
public void setSecurityContextHolderStrategy ( SecurityContextHolderStrategy securityContextHolderStrategy ) {
Assert . notNull ( securityContextHolderStrategy , "securityContextHolderStrategy cannot be null" ) ;
this . securityContextHolderStrategy = securityContextHolderStrategy ;
}
@Override
protected void doFilterInternal ( HttpServletRequest request , HttpServletResponse response , FilterChain filterChain )
throws ServletException , IOException {
@ -180,15 +195,15 @@ public class AuthenticationFilter extends OncePerRequestFilter {
@@ -180,15 +195,15 @@ public class AuthenticationFilter extends OncePerRequestFilter {
private void unsuccessfulAuthentication ( HttpServletRequest request , HttpServletResponse response ,
AuthenticationException failed ) throws IOException , ServletException {
SecurityContextHolder . clearContext ( ) ;
this . securityContextHolderStrategy . clearContext ( ) ;
this . failureHandler . onAuthenticationFailure ( request , response , failed ) ;
}
private void successfulAuthentication ( HttpServletRequest request , HttpServletResponse response , FilterChain chain ,
Authentication authentication ) throws IOException , ServletException {
SecurityContext context = SecurityContextHolder . createEmptyContext ( ) ;
SecurityContext context = this . securityContextHolderStrategy . createEmptyContext ( ) ;
context . setAuthentication ( authentication ) ;
SecurityContextHolder . setContext ( context ) ;
this . securityContextHolderStrategy . setContext ( context ) ;
this . securityContextRepository . saveContext ( context , request , response ) ;
this . successHandler . onAuthenticationSuccess ( request , response , chain , authentication ) ;
}
Josh Cummings
4 years ago