RequestAttributeSecurityContextRepository never null SecurityContext
Previously loadContext(HttpServletRequest) could return a Supplier that returned a null SecurityContext. This commit ensures that null is never returned by the Supplier by returning SecurityContextHolder.createEmptyContext() instead. Closes gh-11606
parent
99f768bab9
commit
269c711a64
|
@ -66,18 +66,26 @@ public final class RequestAttributeSecurityContextRepository implements Security
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean containsContext(HttpServletRequest request) {
|
public boolean containsContext(HttpServletRequest request) {
|
||||||
return loadContext(request).get() != null;
|
return getContext(request) != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
|
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
|
||||||
SecurityContext context = loadContext(requestResponseHolder.getRequest()).get();
|
return getContextOrEmpty(requestResponseHolder.getRequest());
|
||||||
return (context != null) ? context : SecurityContextHolder.createEmptyContext();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Supplier<SecurityContext> loadContext(HttpServletRequest request) {
|
public Supplier<SecurityContext> loadContext(HttpServletRequest request) {
|
||||||
return () -> (SecurityContext) request.getAttribute(this.requestAttributeName);
|
return () -> getContextOrEmpty(request);
|
||||||
|
}
|
||||||
|
|
||||||
|
private SecurityContext getContextOrEmpty(HttpServletRequest request) {
|
||||||
|
SecurityContext context = getContext(request);
|
||||||
|
return (context != null) ? context : SecurityContextHolder.createEmptyContext();
|
||||||
|
}
|
||||||
|
|
||||||
|
private SecurityContext getContext(HttpServletRequest request) {
|
||||||
|
return (SecurityContext) request.getAttribute(this.requestAttributeName);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
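Review bot: `getContextOrEmpty` returns a new `SecurityContextHolder.createEmptyContext()` without storing it under `requestAttributeName`, and nothing in the hunk documents that. As written, each `get()` on the Supplier from `loadContext(HttpServletRequest)` yields a different empty instance when the attribute is absent, and `containsContext` keeps returning false afterwards because it reads `getContext(request)` directly. A caller that sets an Authentication on the returned empty context would not see it on a later load unless the context is saved explicitly, which this hunk does not show. I would add a Javadoc on `getContextOrEmpty` such as `/** Returns the context held in the request attribute, or a new empty context that is not stored in the request. */` and repeat the caveat on the Supplier-returning `loadContext`. The class body continues outside the hunk.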
|
@ -16,6 +16,8 @@
|
||||||
|
|
||||||
package org.springframework.security.web.context;
|
package org.springframework.security.web.context;
|
||||||
|
|
||||||
|
import java.util.function.Supplier;
|
||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.mock.web.MockHttpServletRequest;
|
import org.springframework.mock.web.MockHttpServletRequest;
|
||||||
|
@ -67,4 +69,17 @@ class RequestAttributeSecurityContextRepositoryTests {
|
||||||
assertThat(this.repository.containsContext(this.request)).isTrue();
|
assertThat(this.repository.containsContext(this.request)).isTrue();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void loadDeferredContextWhenNotPresentThenEmptyContext() {
|
||||||
|
Supplier<SecurityContext> deferredContext = this.repository.loadContext(this.request);
|
||||||
|
assertThat(deferredContext.get()).isEqualTo(SecurityContextHolder.createEmptyContext());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void loadContextWhenNotPresentThenEmptyContext() {
|
||||||
|
SecurityContext context = this.repository
|
||||||
|
.loadContext(new HttpRequestResponseHolder(this.request, this.response));
|
||||||
|
assertThat(context).isEqualTo(SecurityContextHolder.createEmptyContext());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
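Review bot: The two new tests check that an empty context comes back, but neither pins that loading leaves the request untouched. In `loadDeferredContextWhenNotPresentThenEmptyContext` I would add `assertThat(this.repository.containsContext(this.request)).isFalse();` after the `deferredContext.get()` assertion, so a later change that starts storing the empty context in the request attribute is caught. The same line fits at the end of `loadContextWhenNotPresentThenEmptyContext`. Both assertions rely on `isEqualTo` against a fresh `createEmptyContext()`, which presumably depends on the context implementation's `equals`; a one-line comment saying so would help the next reader.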