Reactive Basic does not create session by default

Fixes: gh-4825
Rob Winch 2017-11-15 09:59:51 -06:00
parent 5f79fdd3eb
commit 942b51dba7
4 changed files with 8 additions and 9 deletions


@ -27,6 +27,10 @@ public enum SecurityWebFiltersOrder {
* {@link org.springframework.security.web.server.csrf.CsrfWebFilter} * {@link org.springframework.security.web.server.csrf.CsrfWebFilter}
*/ */
CSRF, CSRF,
/**
* {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
*/
REACTOR_CONTEXT,
/** /**
* Instance of AuthenticationWebFilter * Instance of AuthenticationWebFilter
*/ */
@ -36,10 +40,6 @@ public enum SecurityWebFiltersOrder {
*/ */
FORM_LOGIN, FORM_LOGIN,
AUTHENTICATION, AUTHENTICATION,
/**
* {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
*/
REACTOR_CONTEXT,
LOGIN_PAGE_GENERATING, LOGIN_PAGE_GENERATING,
LOGOUT_PAGE_GENERATING, LOGOUT_PAGE_GENERATING,
/** /**
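Review bot: The Javadoc added for `REACTOR_CONTEXT` only links the filter class and does not say why the constant now sits between `CSRF` and the authentication entries, although that position is the whole point of the move. If filter order is derived from a constant's position in this enum (the mechanism is not visible in the hunk), moving it also changes the relative order for any filter registered against these constants, so the constraint should be written down. If that is the intent, a line such as `* Ordered before the authentication filters so an already stored SecurityContext is available before they run.` would do. The enum body starts and ends outside the hunk.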


@ -229,9 +229,6 @@ public class ServerHttpSecurity {
} }
if(this.httpBasic != null) { if(this.httpBasic != null) {
this.httpBasic.authenticationManager(this.authenticationManager); this.httpBasic.authenticationManager(this.authenticationManager);
if(this.securityContextRepository != null) {
this.httpBasic.securityContextRepository(this.securityContextRepository);
}
this.httpBasic.configure(this); this.httpBasic.configure(this);
} }
if(this.formLogin != null) { if(this.formLogin != null) {


@ -100,7 +100,7 @@ public class ServerHttpSecurityTests {
.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok")) .expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
.returnResult(); .returnResult();
assertThat(result.getResponseCookies().getFirst("SESSION")).isNotNull(); assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
} }
@Test @Test
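Review bot: The changed assertion `getFirst("SESSION")).isNull()` is a negative check on one hard-coded cookie name, so it also passes if a session is created under a different cookie name or session id resolver. A stricter regression check would additionally send a follow-up request without the `Authorization` header and expect it to be rejected, which shows that the Basic authentication was not persisted server-side. The test method starts above the hunk, so its name and setup are not visible here; if the name still describes session creation, it should be updated to match the inverted expectation.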


@ -18,6 +18,7 @@ package org.springframework.security.web.server.authentication;
import java.util.function.Function; import java.util.function.Function;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager;
@ -82,7 +83,8 @@ public class AuthenticationWebFilter implements WebFilter {
securityContext.setAuthentication(authentication); securityContext.setAuthentication(authentication);
return this.securityContextRepository.save(exchange, securityContext) return this.securityContextRepository.save(exchange, securityContext)
.then(this.authenticationSuccessHandler .then(this.authenticationSuccessHandler
.onAuthenticationSuccess(webFilterExchange, authentication)); .onAuthenticationSuccess(webFilterExchange, authentication))
.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
} }
public void setSecurityContextRepository( public void setSecurityContextRepository(
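Review bot: The success path still calls `this.securityContextRepository.save(exchange, securityContext)`, so whether HTTP Basic stays session-free depends entirely on which repository this filter holds, and nothing in the hunk documents that. The Javadoc of `setSecurityContextRepository` should state that supplying a session-backed repository makes every successful authentication persist the context and therefore create a session. The added `.subscriberContext(...)` line would also benefit from a short why-comment, for example `// expose the authenticated context to the success handler and whatever it invokes, without relying on a saved session`. The enclosing method and the setter both extend beyond the hunk, so the filter's default repository is not visible here.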