From 0c0e298aa72e81feeb0ee501c1def65ff2b6ed27 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Wed, 5 Oct 2022 23:38:14 -0600
Subject: [PATCH] Polish Saml2 XML Use of SecurityContextHolderStrategy
Issue gh-11061
---
 .../http/Saml2LogoutBeanDefinitionParser.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
index 5851d39e12..10f3f13781 100644
--- a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
 import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter;
@@ -166,6 +167,8 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser {
 BeanMetadataElement logoutMatcher = BeanDefinitionBuilder.rootBeanDefinition(AntPathRequestMatcher.class)
 .addConstructorArgValue(this.logoutUrl).addConstructorArgValue("POST").getBeanDefinition();
 BeanMetadataElement saml2Matcher = BeanDefinitionBuilder.rootBeanDefinition(Saml2RequestMatcher.class)
+ .addPropertyValue("securityContextHolderStrategy",
+ this.authenticationFilterSecurityContextHolderStrategy)
 .getBeanDefinition();
 return BeanDefinitionBuilder.rootBeanDefinition(AndRequestMatcher.class)
 .addConstructorArgValue(toManagedList(logoutMatcher, saml2Matcher)).getBeanDefinition();
@@ -227,17 +230,24 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser {
 }
- private static class Saml2RequestMatcher implements RequestMatcher {
+ public static class Saml2RequestMatcher implements RequestMatcher {
+
+ private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
+ .getContextHolderStrategy();
 @Override
 public boolean matches(HttpServletRequest request) {
- Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
 if (authentication == null) {
 return false;
 }
 return authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal;
 }
+ public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
+ this.securityContextHolderStrategy = securityContextHolderStrategy;
+ }
+
 }
 }
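Review bot: The new `setSecurityContextHolderStrategy` in the `Saml2RequestMatcher` hunk stores its argument unchecked, so a null arriving through the `addPropertyValue("securityContextHolderStrategy", ...)` call in the preceding hunk would replace the `SecurityContextHolder.getContextHolderStrategy()` default and turn every `matches` call into a NullPointerException on the logout path; whether `this.authenticationFilterSecurityContextHolderStrategy` can be unset is decided outside these hunks. Guarding the setter with `Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");` fails fast at context startup instead (`org.springframework.util.Assert` needs importing if the file does not already have it — the import hunk shows only a slice). The nested class also changes from `private` to `public`, presumably so bean property injection can reach the setter reflectively; a one-line Javadoc on the class and on the setter saying it is public only for the parser's bean wiring would keep readers from treating it as API. The method that builds the `AndRequestMatcher` in the first of these two hunks starts and ends outside the hunk.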