Merge branch '5.8.x' into 6.0.x

Closes gh-12836
2025-05-31 01:02:14 +00:00 · 2023-03-07 13:28:31 -03:00 · 2023-03-07 13:28:31 -03:00 · cdc0fa0e5b
commit cdc0fa0e5b
parent c06e604278 2e92dad761
2 changed files with 5 additions and 4 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java
@ -59,6 +59,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.UrlUtils;
@ -148,7 +149,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv

 	private AuthenticationFailureHandler failureHandler;

-	private SecurityContextRepository securityContextRepository = new RequestAttributeSecurityContextRepository();
+	private SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();

 	@Override
 	public void afterPropertiesSet() {
--- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java
@ -49,7 +49,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.util.FieldUtils;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.test.util.ReflectionTestUtils;
@ -510,10 +510,10 @@ public class SwitchUserFilterTests {
 	}

 	@Test
-	void filterWhenDefaultSecurityContextRepositoryThenRequestAttributeRepository() {
+	void filterWhenDefaultSecurityContextRepositoryThenHttpSessionRepository() {
 		SwitchUserFilter switchUserFilter = new SwitchUserFilter();
 		assertThat(ReflectionTestUtils.getField(switchUserFilter, "securityContextRepository"))
-				.isInstanceOf(RequestAttributeSecurityContextRepository.class);
+				.isInstanceOf(HttpSessionSecurityContextRepository.class);
 	}

 	@Test