AuthorizeWebFilter uses ReactiveSecurityContextHolder

Issue gh-4719
Rob Winch 2017-10-25 16:36:38 -05:00
parent 3bceadd369
commit c63b258b16
1 changed files with 7 additions and 2 deletions


@ -17,6 +17,9 @@ package org.springframework.security.web.server.authorization;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
@ -37,7 +40,9 @@ public class AuthorizationWebFilter implements WebFilter {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return accessDecisionManager.verify(exchange.getPrincipal(), exchange)
.switchIfEmpty( Mono.defer(() -> chain.filter(exchange)) );
return ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.as( authentication -> this.accessDecisionManager.verify(authentication, exchange))
.switchIfEmpty(chain.filter(exchange));
}
}
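Review bot: In the new `filter` body, `.map(SecurityContext::getAuthentication)` will throw a NullPointerException inside Reactor whenever a `SecurityContext` is present but its authentication is null, because `Mono.map` rejects a null mapper result. The request then fails with an error instead of reaching the authorization manager as an unauthenticated caller. Adding `.filter(c -> c.getAuthentication() != null)` before the `map` would hand `verify` an empty Mono in that case, so the manager decides. Separately, the replaced code wrapped the fallback in `Mono.defer(() -> chain.filter(exchange))`, while the new `.switchIfEmpty(chain.filter(exchange))` calls `chain.filter` at assembly time on every request. That is safe only if the chain implementation is itself lazy, which is not visible here, so keeping the `defer` avoids relying on it. The rest of the class, including how `accessDecisionManager` is set, lies outside the hunk.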