From 97cb2a7d91e96cabc75d17c7b02b00629360466a Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 28 Jun 2022 11:45:35 -0600 Subject: [PATCH] Polish SecurityContextHolderStrategy XML Configuration for Defaults Issue gh-11061 --- .../security/config/http/HttpConfigurationBuilder.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java index 518b16a9b4..b032de68c1 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java @@ -600,6 +600,7 @@ class HttpConfigurationBuilder { this.servApiFilter = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(this.pc, SecurityContextHolderAwareRequestFilterBeanFactory.class); this.servApiFilter.getPropertyValues().add("authenticationManager", authenticationManager); + this.servApiFilter.getPropertyValues().add("securityContextHolderStrategy", this.holderStrategyRef); } } @@ -902,12 +903,20 @@ class HttpConfigurationBuilder { private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter(); + private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder + .getContextHolderStrategy(); + @Override public SecurityContextHolderAwareRequestFilter getBean() { + this.filter.setSecurityContextHolderStrategy(this.securityContextHolderStrategy); this.filter.setRolePrefix(this.rolePrefix); return this.filter; } + void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) { + this.securityContextHolderStrategy = securityContextHolderStrategy; + } + } static class SecurityContextHolderStrategyFactory implements FactoryBean {