Merge branch '6.1.x' into 6.2.x

Closes gh-14536

cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -303,6 +303,18 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 		this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts();
 	}
 
+	@Override
+	public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
+		super.setSecurityContextRepository(securityContextRepository);
+		this.securityContextRepository = securityContextRepository;
+	}
+
+	@Override
+	public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
+		super.setSecurityContextHolderStrategy(securityContextHolderStrategy);
+		this.securityContextHolderStrategy = securityContextHolderStrategy;
+	}
+
 	/**
 	 * Indicates if the request is elgible to process a service ticket. This method exists
 	 * for readability.

cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,10 @@
 
 package org.springframework.security.cas.web;
 
+import java.io.IOException;
+
 import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
 import org.apereo.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
@@ -34,6 +37,8 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.test.util.ReflectionTestUtils;
@@ -219,4 +224,25 @@ public class CasAuthenticationFilterTests {
 		verify(securityContextRepository).saveContext(any(SecurityContext.class), eq(request), eq(response));
 	}
 
+	@Test
+	void successfulAuthenticationWhenSecurityContextRepositorySetThenUses() throws ServletException, IOException {
+		SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		filter.setSecurityContextRepository(securityContextRepository);
+		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).saveContext(any(SecurityContext.class), any(), any());
+	}
+
+	@Test
+	void successfulAuthenticationWhenSecurityContextHolderStrategySetThenUses() throws ServletException, IOException {
+		SecurityContextHolderStrategy securityContextRepository = mock(SecurityContextHolderStrategy.class);
+		given(securityContextRepository.createEmptyContext()).willReturn(new SecurityContextImpl());
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		filter.setSecurityContextHolderStrategy(securityContextRepository);
+		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).setContext(any(SecurityContext.class));
+	}
+
 }