diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
index fae05d41da..5bfff5684e 100644
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -123,10 +123,12 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 this.logger.trace(LogMessage.format("Created %s", context));
 }
 }
- SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
- httpSession != null, context);
- requestResponseHolder.setResponse(wrappedResponse);
- requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
+ if (response != null) {
+ SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
+ httpSession != null, context);
+ requestResponseHolder.setResponse(wrappedResponse);
+ requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
+ }
 return context;
 }

diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
index 8a460db598..9539e3453d 100644
--- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
+++ b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
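Review bot: In HttpSessionSecurityContextRepository.loadContext, the new `if (response != null)` branch silently skips installing SaveToSessionResponseWrapper and SaveToSessionRequestWrapper, so a caller that passes a null response keeps the original request and nothing in the code or the logs records that. If those wrappers are what writes the context back to the session (their names suggest it, but their bodies are outside this hunk), a context modified after such a call would not be persisted unless the caller saves it explicitly. I would document that on the branch, `// No response to wrap: the context is only loaded here and must be saved explicitly by the caller`, and add a trace line in the style already used above, `else { this.logger.trace("Did not wrap request/response because response was null"); }`. loadContext begins above the hunk, so where `response` is read from is not visible here.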
@@ -134,6 +134,14 @@ public class HttpSessionSecurityContextRepositoryTests {
 assertThat(request.getSession(false)).isNull();
 }

+ @Test
+ public void loadContextWhenNullResponse() {
+ HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, null);
+ assertThat(repo.loadContext(holder)).isEqualTo(SecurityContextHolder.createEmptyContext());
+ }
+
 @Test
 public void existingContextIsSuccessFullyLoadedFromSessionAndSavedBack() {
 HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
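Review bot: loadContextWhenNullResponse asserts only the returned context and checks nothing about the state of the holder, which is what the production change actually alters in the null-response case. I would pin that the holder is left untouched with `assertThat(holder.getRequest()).isSameAs(request);` and `assertThat(holder.getResponse()).isNull();`. Adding `assertThat(request.getSession(false)).isNull();`, as the test just above does, would also confirm that loading with a null response does not create a session as a side effect.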