Extract createSecurityContextRepository()

Extract out method in preparation for adding SecurityContextHolderFilter configuration. Issue gh-9635
2022-03-11 14:56:19 -06:00 · 2022-03-11 14:56:19 -06:00 · dbcb5004b4
parent e4f1826622
commit dbcb5004b4
1 changed files with 19 additions and 12 deletions
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@ -202,6 +202,7 @@ class HttpConfigurationBuilder {
 		this.sessionPolicy = !StringUtils.hasText(createSession) ? SessionCreationPolicy.IF_REQUIRED
 				: createPolicy(createSession);
 		createCsrfFilter();
+		createSecurityContextRepository();
 		createSecurityContextPersistenceFilter();
 		createSessionManagementFilters();
 		createWebAsyncManagerFilter();
@ -280,17 +281,29 @@ class HttpConfigurationBuilder {

 	private void createSecurityContextPersistenceFilter() {
 		BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
+		String disableUrlRewriting = this.httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
+		switch (this.sessionPolicy) {
+		case ALWAYS:
+			scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
+			break;
+		case NEVER:
+			scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
+			break;
+		default:
+			scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
+		}
+		scpf.addConstructorArgValue(this.contextRepoRef);
+
+		this.securityContextPersistenceFilter = scpf.getBeanDefinition();
+	}
+
+	private void createSecurityContextRepository() {
 		String repoRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
 		String disableUrlRewriting = this.httpElt.getAttribute(ATT_DISABLE_URL_REWRITING);
 		if (!StringUtils.hasText(disableUrlRewriting)) {
 			disableUrlRewriting = "true";
 		}
-		if (StringUtils.hasText(repoRef)) {
-			if (this.sessionPolicy == SessionCreationPolicy.ALWAYS) {
-				scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
-			}
-		}
-		else {
+		if (!StringUtils.hasText(repoRef)) {
 			BeanDefinitionBuilder contextRepo;
 			if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
 				contextRepo = BeanDefinitionBuilder.rootBeanDefinition(NullSecurityContextRepository.class);
@ -300,15 +313,12 @@ class HttpConfigurationBuilder {
 				switch (this.sessionPolicy) {
 				case ALWAYS:
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
-					scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
 					break;
 				case NEVER:
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.FALSE);
-					scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
 					break;
 				default:
 					contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
-					scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
 				}
 				if ("true".equals(disableUrlRewriting)) {
 					contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
@ -320,9 +330,6 @@ class HttpConfigurationBuilder {
 		}

 		this.contextRepoRef = new RuntimeBeanReference(repoRef);
-		scpf.addConstructorArgValue(this.contextRepoRef);
-
-		this.securityContextPersistenceFilter = scpf.getBeanDefinition();
 	}

 	private void createSessionManagementFilters() {