Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Immutable SecurityContext

Browse Source 
Issue gh-10032
This commit is contained in:
Josh Cummings
2021-07-28 12:44:46 -06:00
parent 3ab6bee856
commit b8d51725c7
15 changed files with 66 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
remoting/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+4 -1
View File
@@ -27,6 +27,7 @@ import org.springframework.remoting.support.RemoteInvocation;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
/**
@@ -97,7 +98,9 @@ public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
if (this.principal != null) {
Authentication request = createAuthenticationRequest(this.principal, this.credentials);
request.setAuthenticated(false);
SecurityContextHolder.getContext().setAuthentication(request);
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(request);
SecurityContextHolder.setContext(context);
logger.debug(LogMessage.format("Set SecurityContextHolder to contain: %s", request));
}
try {