spring-security-kerberos icon indicating copy to clipboard operation
spring-security-kerberos copied to clipboard
verified publisher icon spring-projects

Allow to provide SecurityContextRepository and SecurityContextHolderStrategy to be used

Open dodgex opened this issue 1 year ago • 1 comments

In this PR I added fields for a SecurityContextRepository and a SecurityContextHolderStrategy und use them similar to AbstractAuthenticationProcessingFilter#successfulAuthentication to store the SecurityContext in the SecurityContextRepository. By default it uses RequestAttributeSecurityContextRepository wich is the same as in the AbstractAuthenticationProcessingFilter.

To finally achieve the expected result for #185 we have to configure the SpnegoAuthenticationProcessingFilter with at least a HttpSessionSecurityContextRepository or better (as far as I can tell from checking what spring-security is doing) with new DelegatingSecurityContextRepository(new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()). Using http.getConfigurer(SecurityContextConfigurer.class); should also work if the http object is available when creating the SPNEGO Filter.

Fixes #185

I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.

dodgex avatar Jul 11 '24 07:07 dodgex

Please merge this PR! The temporary fix detailed in issue #185 and integrated here solves problems we've seen in live systems.

busoco-sjb avatar Feb 04 '25 13:02 busoco-sjb

Thanks for the Pull Request! This is now merged into main :smile:

rwinch avatar Jul 03 '25 16:07 rwinch