diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index 2542fcb438..58dd5f9e10 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -380,6 +380,9 @@ public final class SessionManagementConfigurer>
 http.setSharedObject(SecurityContextRepository.class, defaultRepository);
 }
 }
+ else {
+ this.sessionManagementSecurityContextRepository = securityContextRepository;
+ }
 RequestCache requestCache = http.getSharedObject(RequestCache.class);
 if (requestCache == null) {
 if (stateless) {
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
index c4564441db..989948a82a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java
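Review bot: The added `else` branch in SessionManagementConfigurer.java has no comment explaining why the shared repository is copied into `sessionManagementSecurityContextRepository`. Something like `// reuse the application's SecurityContextRepository so session management checks the same store the context is saved to` would cover it. If that field feeds the `containsContext` check that the new test verifies (the wiring is outside this hunk), a mismatch between the two stores would decide whether session authentication handling runs for a request. The branch also assigns the shared repository without consulting `stateless`, which the `requestCache` block right after it does consult, so it is worth confirming that a session-backed repository combined with a stateless policy is meant to be used here. The enclosing method starts and ends outside the hunk.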
@@ -125,6 +125,18 @@ public class SessionManagementConfigurerTests {
 this.mvc.perform(get("/"));
 }
 
+ @Test
+ public void sessionManagementWhenSecurityContextRepositoryIsConfiguredThenUseIt() throws Exception {
+ SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO = mock(SecurityContextRepository.class);
+ given(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
+ .loadDeferredContext(any(HttpServletRequest.class)))
+ .willReturn(new TestDeferredSecurityContext(mock(SecurityContext.class), false));
+ this.spring.register(SessionManagementSecurityContextRepositoryConfig.class).autowire();
+ this.mvc.perform(get("/"));
+ verify(SessionManagementSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO)
+ .containsContext(any(HttpServletRequest.class));
+ }
+
 @Test
 public void sessionManagementWhenInvokedTwiceThenUsesOriginalSessionCreationPolicy() throws Exception {
 this.spring.register(InvokeTwiceDoesNotOverride.class).autowire();
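Review bot: The new test leaves its mock in the static `SECURITY_CONTEXT_REPO` field after it finishes, so the stubbed repository stays reachable by any later test that registers the same configuration class. Clearing the field in a teardown method, or at the end of the test, would keep the tests independent. The assertion also covers only a request where the mock's `containsContext` is left unstubbed and so returns Mockito's default `false`. A sibling case under a stateless session policy would pin what the new `else` branch does for that combination. `SessionManagementSecurityContextRepositoryConfig` is not part of this hunk, so how it exposes the field is inferred from its use here.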