From 4e5780a30cd7e3f71e800b6819a95ec01a671f0e Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Fri, 2 Feb 2024 15:15:35 -0300 Subject: [PATCH] Fix setters not working for CasAuthenticationFilter The setSecurityContextRepository and setSecurityContextHolderStrategy only works for the parent class. This commit overrides the method and make sure that we set the objects in the super class and the CasAuthenticationFilter. Closes gh-14529 --- .../security/cas/web/CasAuthenticationFilter.java | 8 +++++++- .../cas/web/CasAuthenticationFilterTests.java | 15 ++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java index 854332f7f3..9f9e7449aa 100644 --- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java +++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -298,6 +298,12 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts(); } + @Override + public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) { + super.setSecurityContextRepository(securityContextRepository); + this.securityContextRepository = securityContextRepository; + } + /** * Indicates if the request is elgible to process a service ticket. This method exists * for readability. diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java index 46689b42e9..058683fb5c 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,10 @@ package org.springframework.security.cas.web; +import java.io.IOException; + import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; import org.apereo.cas.client.proxy.ProxyGrantingTicketStorage; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Test; @@ -219,4 +222,14 @@ public class CasAuthenticationFilterTests { verify(securityContextRepository).saveContext(any(SecurityContext.class), eq(request), eq(response)); } + @Test + void successfulAuthenticationWhenSecurityContextRepositorySetThenUses() throws ServletException, IOException { + SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class); + CasAuthenticationFilter filter = new CasAuthenticationFilter(); + filter.setSecurityContextRepository(securityContextRepository); + filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(), + new MockFilterChain(), mock(Authentication.class)); + verify(securityContextRepository).saveContext(any(SecurityContext.class), any(), any()); + } + }