diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
index 050d941b1b..a09e36cf08 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@@ -215,7 +215,7 @@ final class AuthenticationConfigBuilder {
 AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc, SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager,
- BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+ BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 BeanReference authenticationFilterSecurityContextRepositoryRef, BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
 this.httpElt = element;
@@ -272,7 +272,7 @@ final class AuthenticationConfigBuilder {
 }
 void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager,
- BeanReference authenticationFilterSecurityContextHolderStrategyRef,
+ BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
 BeanReference authenticationFilterSecurityContextRepositoryRef) {
 Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
 RootBeanDefinition formFilter = null;
@@ -442,7 +442,7 @@ final class AuthenticationConfigBuilder {
 }
 void createBasicFilter(BeanReference authManager,
- BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+ BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
 if (basicAuthElt == null && !this.autoConfig) {
 // No basic auth, do nothing
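Review bot: The parameter `authenticationFilterSecurityContextHolderStrategyRef` keeps its `Ref` suffix in the constructor, `createFormLoginFilter` and `createBasicFilter`, although its type is now `BeanMetadataElement` and, judging by the new `createSecurityContextHolderStrategy()` in HttpConfigurationBuilder, the value may be an inline bean definition rather than a reference. The same applies to `createLogoutFilter`, `createAnonymousFilter`, `createExceptionTranslationFilter` and to the field and constructor of `LogoutBeanDefinitionParser`. A short comment on the constructor would keep later readers from treating the value as a bean name, for example `// either a RuntimeBeanReference to a user-supplied strategy or an inner BeanDefinition for the default one`. The bodies of these methods lie outside the hunks, so how the value is applied to each filter cannot be checked from here.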
@@ -612,7 +612,7 @@ final class AuthenticationConfigBuilder {
 }
 }
- void createLogoutFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+ void createLogoutFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
 if (logoutElt != null || this.autoConfig) {
 String formLoginPage = this.formLoginPage;
@@ -677,7 +677,7 @@ final class AuthenticationConfigBuilder {
 return this.csrfIgnoreRequestMatchers;
 }
- void createAnonymousFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+ void createAnonymousFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
 if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
 return;
@@ -723,7 +723,7 @@ final class AuthenticationConfigBuilder {
 return Long.toString(random.nextLong());
 }
- void createExceptionTranslationFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+ void createExceptionTranslationFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
 this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
 etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);
diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
index 9567b41551..522ebc9dde 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -160,7 +160,7 @@ class HttpConfigurationBuilder {
 private BeanDefinition forceEagerSessionCreationFilter;
- private BeanReference holderStrategyRef;
+ private BeanMetadataElement holderStrategyRef;
 private BeanReference contextRepoRef;
@@ -301,7 +301,7 @@ class HttpConfigurationBuilder {
 return lowerCase ? path.toLowerCase() : path;
 }
- BeanReference getSecurityContextHolderStrategyForAuthenticationFilters() {
+ BeanMetadataElement getSecurityContextHolderStrategyForAuthenticationFilters() {
 return this.holderStrategyRef;
 }
@@ -350,13 +350,12 @@ class HttpConfigurationBuilder {
 private void createSecurityContextHolderStrategy() {
 String holderStrategyRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY);
- if (!StringUtils.hasText(holderStrategyRef)) {
- BeanDefinition holderStrategyBean = BeanDefinitionBuilder
- .rootBeanDefinition(SecurityContextHolderStrategyFactory.class).getBeanDefinition();
- holderStrategyRef = this.pc.getReaderContext().generateBeanName(holderStrategyBean);
- this.pc.registerBeanComponent(new BeanComponentDefinition(holderStrategyBean, holderStrategyRef));
+ if (StringUtils.hasText(holderStrategyRef)) {
+ this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+ return;
 }
- this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
+ this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class)
+ .getBeanDefinition();
 }
 private void createSecurityContextRepository() {
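Review bot: In `createSecurityContextHolderStrategy()` the default branch now stores a bare `BeanDefinition` in `this.holderStrategyRef`; Spring resolves a definition used as a property value as an inner bean, so each filter that receives it gets its own `SecurityContextHolderStrategyFactory` instance instead of one shared, registered bean. That keeps all filters on the same security context storage only if the factory always returns the same strategy; its code is not in this diff, so this is worth confirming and recording in a comment such as `// inner bean on purpose: not registered in the context, resolved separately for each filter`. The local `String holderStrategyRef` also shadows the field of the same name, which now has a different type. Renaming it, e.g. `String strategyBeanName = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY);`, would make the two branches easier to tell apart.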
diff --git a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
index f7f4a4ec0d..f1072cce83 100644
--- a/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,7 +20,6 @@ import org.w3c.dom.Element;
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.BeanReference;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.ManagedList;
@@ -62,10 +61,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
 private BeanMetadataElement logoutSuccessHandler;
- private BeanReference authenticationFilterSecurityContextHolderStrategyRef;
+ private BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef;
 LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler,
- BeanReference authenticationFilterSecurityContextHolderStrategyRef) {
+ BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
 this.defaultLogoutUrl = loginPageUrl + "?logout";
 this.rememberMeServices = rememberMeServices;
 this.csrfEnabled = csrfLogoutHandler != null;