diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java index b4733c3c4a..5a33aeb521 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java @@ -25,6 +25,7 @@ import org.springframework.security.web.server.AuthenticationEntryPoint; import org.springframework.security.web.server.HttpBasicAuthenticationConverter; import org.springframework.security.web.server.authentication.www.HttpBasicAuthenticationEntryPoint; import org.springframework.security.web.server.context.SecurityContextRepository; +import org.springframework.security.web.server.context.SecurityContextRepositoryServerWebExchange; import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextRepository; import org.springframework.util.Assert; import org.springframework.web.server.ServerWebExchange; @@ -58,14 +59,19 @@ public class AuthenticationWebFilter implements WebFilter { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { - return this.authenticationConverter.apply(exchange) - .switchIfEmpty(Mono.defer(() -> chain.filter(exchange).cast(Authentication.class))) + ServerWebExchange wrappedExchange = wrap(exchange); + return this.authenticationConverter.apply(wrappedExchange) + .switchIfEmpty(Mono.defer(() -> chain.filter(wrappedExchange).cast(Authentication.class))) .flatMap( token -> this.authenticationManager.authenticate(token) - .flatMap(authentication -> onAuthenticationSuccess(authentication, exchange, chain)) - .onErrorResume( AuthenticationException.class, t -> this.entryPoint.commence(exchange, t)) + .flatMap(authentication -> onAuthenticationSuccess(authentication, wrappedExchange, chain)) + .onErrorResume( AuthenticationException.class, t -> this.entryPoint.commence(wrappedExchange, t)) ); } + private ServerWebExchange wrap(ServerWebExchange exchange) { + return new SecurityContextRepositoryServerWebExchange(exchange, this.securityContextRepository); + } + private Mono onAuthenticationSuccess(Authentication authentication, ServerWebExchange exchange, WebFilterChain chain) { SecurityContextImpl securityContext = new SecurityContextImpl(); securityContext.setAuthentication(authentication); diff --git a/webflux/src/main/java/org/springframework/security/web/server/context/SecurityContextRepositoryServerWebExchange.java b/webflux/src/main/java/org/springframework/security/web/server/context/SecurityContextRepositoryServerWebExchange.java index dfa480a2d1..a617c587d9 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/context/SecurityContextRepositoryServerWebExchange.java +++ b/webflux/src/main/java/org/springframework/security/web/server/context/SecurityContextRepositoryServerWebExchange.java @@ -28,7 +28,7 @@ import reactor.core.publisher.Mono; * @author Rob Winch * @since 5.0 */ -final class SecurityContextRepositoryServerWebExchange extends ServerWebExchangeDecorator { +public class SecurityContextRepositoryServerWebExchange extends ServerWebExchangeDecorator { private final SecurityContextRepository repository; public SecurityContextRepositoryServerWebExchange(ServerWebExchange delegate, SecurityContextRepository repository) {