mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-25 00:46:42 +00:00
Previously, the HttpSessionSecurityContextRepository unnecessarily required the HttpServletResponse from the HttpRequestResponseHolder passed into loadContext. This meant code that wanted to save a SecurityContext had to have a reference to the original HttpRequestResponseHolder. Often that implied that the code that saves the SecurityContext must also load the SecurityContext.

This change allows any request / response to be used to save the SecurityContext, which means any code can save the SecurityContext, not just the code that loaded it. This sets up the code to permit requiring explicit saves.

Using the request/response from the HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
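An explicit save of the kind the commit message describes, as an added example that is not code from the commit or from the Spring Security project. The class name `ExplicitSaveLoginService` and its `login` method are hypothetical, and the `jakarta.servlet` imports assume Spring Security 6 (use `javax.servlet` on 5.x).

```java
// Added illustration; not code from the Spring Security repository.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical service that authenticates a user and saves the
// SecurityContext itself, without ever calling loadContext.
public class ExplicitSaveLoginService {

    private final AuthenticationManager authenticationManager;
    private final SecurityContextRepository repository =
            new HttpSessionSecurityContextRepository();

    public ExplicitSaveLoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public Authentication login(String username, String password,
            HttpServletRequest request, HttpServletResponse response) {
        // Throws AuthenticationException on bad credentials; nothing is saved then.
        Authentication result = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));

        // Code that logs a user in outside the authentication filters does not
        // get the filter chain's session fixation protection, so rotate the
        // session id of any pre-login session before storing the context.
        if (request.getSession(false) != null) {
            request.changeSessionId();
        }

        // Always start from a fresh context rather than mutating a shared one.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);

        // The plain request/response pair is enough here; no
        // HttpRequestResponseHolder from an earlier loadContext call is needed.
        repository.saveContext(context, request, response);
        return result;
    }
}
```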