Bug in documentation of Storing the Authentication manually #12850

Closed
ghoshbishakh opened this issue Mar 8, 2023 · 2 comments
Labels: in: docs, type: bug

Comments

@ghoshbishakh
Contributor

In the documentation Storing the Authentication manually:
https://docs.spring.io/spring-security/reference/servlet/authentication/session-management.html#store-authentication-manually, the line `securityContextHolderStrategy.setContext(authentication);` should be `securityContextHolderStrategy.setContext(context);`

Original snippet:

```java
@PostMapping("/login")
public void login(@RequestBody LoginRequest loginRequest, HttpServletRequest request, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated(
        loginRequest.getUsername(), loginRequest.getPassword());
    Authentication authentication = authenticationManager.authenticate(token);
    SecurityContext context = securityContextHolderStrategy.createEmptyContext();
    context.setAuthentication(authentication);
    securityContextHolderStrategy.setContext(authentication);
    securityContextRepository.saveContext(context, request, response);
}
```

As per my understanding it should be:

```java
@PostMapping("/login")
public void login(@RequestBody LoginRequest loginRequest, HttpServletRequest request, HttpServletResponse response) {
    UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated(
        loginRequest.getUsername(), loginRequest.getPassword());
    Authentication authentication = authenticationManager.authenticate(token);
    SecurityContext context = securityContextHolderStrategy.createEmptyContext();
    context.setAuthentication(authentication);
    securityContextHolderStrategy.setContext(context);
    securityContextRepository.saveContext(context, request, response);
}
```

ghoshbishakh added the status: waiting-for-triage and type: bug labels Mar 8, 2023

@marcusdacoregio
Contributor

Hi @ghoshbishakh, nice catch.

Are you interested in submitting a PR that fixes the documentation? The PR should target the 5.8.x branch since this is the oldest supported branch where the problem happens.

marcusdacoregio self-assigned this Mar 9, 2023
marcusdacoregio added the in: docs label and removed the status: waiting-for-triage label Mar 9, 2023
ghoshbishakh added a commit to ghoshbishakh/spring-security that referenced this issue Mar 9, 2023
@ghoshbishakh
Contributor Author

@marcusdacoregio I opened a PR. Please forgive any mistakes as this is my first PR here. Thanks.

marcusdacoregio added this to the 5.8.3 milestone Mar 22, 2023