CasAuthenticationFilter should save context in SecurityContextRepository

Closes spring-projectsgh-13243
marcusdacoregio · Jun 1, 2023 · a83d7fc · a83d7fc
1 parent d4c349d
commit a83d7fc
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -42,6 +42,7 @@
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -192,10 +193,12 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 
 	private AuthenticationFailureHandler proxyFailureHandler = new SimpleUrlAuthenticationFailureHandler();
 
+	private SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();;
+
 	public CasAuthenticationFilter() {
 		super("/login/cas");
 		setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
-		setSecurityContextRepository(new HttpSessionSecurityContextRepository());
+		setSecurityContextRepository(this.securityContextRepository);
 	}
 
 	@Override
@@ -211,6 +214,7 @@ protected final void successfulAuthentication(HttpServletRequest request, HttpSe
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authResult);
 		SecurityContextHolder.setContext(context);
+		this.securityContextRepository.saveContext(context, request, response);
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}
@@ -294,6 +298,12 @@ public final void setServiceProperties(final ServiceProperties serviceProperties
 		this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts();
 	}
 
+	@Override
+	public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
+		super.setSecurityContextRepository(securityContextRepository);
+		this.securityContextRepository = securityContextRepository;
+	}
+
 	/**
 	 * Indicates if the request is elgible to process a service ticket. This method exists
 	 * for readability.