Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Optimize HttpSessionSecurityContextRepository 

Closes gh-9387
This commit is contained in:
Rob Winch 2021-01-28 16:54:32 -06:00
parent 996ccc08a4
commit 38e9e8ca52
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
View File

@ -142,13 +142,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
+ response
+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
}
// saveContext() might already be called by the response wrapper
// if something in the chain called sendError() or sendRedirect(). This ensures we
// only call it
// once per request.
if (!responseWrapper.isContextSaved()) {
responseWrapper.saveContext(context);
}
responseWrapper.saveContext(context);
}
public boolean containsContext(HttpServletRequest request) {
@ -305,6 +299,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
private final boolean httpSessionExistedAtStartOfRequest;
private final SecurityContext contextBeforeExecution;
private final Authentication authBeforeExecution;
private boolean isSaveContextInvoked;
/**
* Takes the parameters required to call <code>saveContext()</code> successfully
@ -355,6 +350,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
// SEC-1587 A non-anonymous context may still be in the session
// SEC-1735 remove if the contextBeforeExecution was not anonymous
httpSession.removeAttribute(springSecurityContextKey);
this.isSaveContextInvoked = true;
}
return;
}
@ -371,7 +367,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
if (contextChanged(context)
|| httpSession.getAttribute(springSecurityContextKey) == null) {
httpSession.setAttribute(springSecurityContextKey, context);
this.isSaveContextInvoked = true;
if (logger.isDebugEnabled()) {
logger.debug("SecurityContext '" + context
+ "' stored to HttpSession: '" + httpSession);
@ -381,7 +377,7 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
}
private boolean contextChanged(SecurityContext context) {
return context != contextBeforeExecution
return this.isSaveContextInvoked || context != contextBeforeExecution
|| context.getAuthentication() != authBeforeExecution;
}