Polish SecurityContextHolderStrategy XML Configuration for Defaults

Issue gh-11061
2022-06-23 15:43:55 -06:00 · 2022-06-23 15:43:55 -06:00 · c29b91cec7
parent 084dd56b92
commit c29b91cec7
3 changed files with 17 additions and 19 deletions
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@ -215,7 +215,7 @@ final class AuthenticationConfigBuilder {

 	AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc,
 			SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 			BeanReference authenticationFilterSecurityContextRepositoryRef, BeanReference sessionStrategy,
 			BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
 		this.httpElt = element;
@ -272,7 +272,7 @@ final class AuthenticationConfigBuilder {
 	}

 	void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 			BeanReference authenticationFilterSecurityContextRepositoryRef) {
 		Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 		RootBeanDefinition formFilter = null;
@ -442,7 +442,7 @@ final class AuthenticationConfigBuilder {
 	}

 	void createBasicFilter(BeanReference authManager,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
 		if (basicAuthElt == null && !this.autoConfig) {
 			// No basic auth, do nothing
@ -612,7 +612,7 @@ final class AuthenticationConfigBuilder {
 		}
 	}

-	void createLogoutFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createLogoutFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
 		if (logoutElt != null || this.autoConfig) {
 			String formLoginPage = this.formLoginPage;
@ -677,7 +677,7 @@ final class AuthenticationConfigBuilder {
 		return this.csrfIgnoreRequestMatchers;
 	}

-	void createAnonymousFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createAnonymousFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
 		if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 			return;
@ -723,7 +723,7 @@ final class AuthenticationConfigBuilder {
 		return Long.toString(random.nextLong());
 	}

-	void createExceptionTranslationFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+	void createExceptionTranslationFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
 		this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
 		etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -160,7 +160,7 @@ class HttpConfigurationBuilder {

 	private BeanDefinition forceEagerSessionCreationFilter;

-	private BeanReference holderStrategyRef;
+	private BeanMetadataElement holderStrategyRef;

 	private BeanReference contextRepoRef;

@ -301,7 +301,7 @@ class HttpConfigurationBuilder {
 		return lowerCase ? path.toLowerCase() : path;
 	}

-	BeanReference getSecurityContextHolderStrategyForAuthenticationFilters() {
+	BeanMetadataElement getSecurityContextHolderStrategyForAuthenticationFilters() {
 		return this.holderStrategyRef;
 	}

@ -350,13 +350,12 @@ class HttpConfigurationBuilder {

 	private void createSecurityContextHolderStrategy() {
 		String holderStrategyRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY);
-		if (!StringUtils.hasText(holderStrategyRef)) {
-			BeanDefinition holderStrategyBean = BeanDefinitionBuilder
-					.rootBeanDefinition(SecurityContextHolderStrategyFactory.class).getBeanDefinition();
-			holderStrategyRef = this.pc.getReaderContext().generateBeanName(holderStrategyBean);
-			this.pc.registerBeanComponent(new BeanComponentDefinition(holderStrategyBean, holderStrategyRef));
+		if (StringUtils.hasText(holderStrategyRef)) {
+			this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+			return;
 		}
-		this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+		this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class)
+				.getBeanDefinition();
 	}

 	private void createSecurityContextRepository() {
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@ import org.w3c.dom.Element;

 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.BeanReference;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
@ -62,10 +61,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {

 	private BeanMetadataElement logoutSuccessHandler;

-	private BeanReference authenticationFilterSecurityContextHolderStrategyRef;
+	private BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef;

 	LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler,
-			BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+			BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 		this.defaultLogoutUrl = loginPageUrl + "?logout";
 		this.rememberMeServices = rememberMeServices;
 		this.csrfEnabled = csrfLogoutHandler != null;