HttpSessionSecurityContextRepository saves with original response #10947

Closed
Tracked by #10949
rwinch opened this issue Mar 9, 2022 · 0 comments

rwinch commented Mar 9, 2022

Rather than requiring the wrapped request/response, we should allow any HttpServletRequest/HttpServletResponse to be used to save the SecurityContext. This will allow for explicit saves vs. implicit saves that happen when the response is committed.

@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Mar 9, 2022
@rwinch rwinch added this to the 5.7.0-M3 milestone Mar 9, 2022
@rwinch rwinch self-assigned this Mar 9, 2022
@rwinch rwinch changed the title HttpSecurityContextRepository Can Save Any HttpServletRequest/Response HttpSessionSecurityContextRepository saves with original response Mar 9, 2022
rwinch added a commit that referenced this issue Mar 9, 2022
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpRequestResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
@rwinch rwinch closed this as completed in 2abeff2 Mar 9, 2022