Remove workarounds for SecurityContextRepository

spring-projects · Nov 10, 2022 · 8cb615e · 8cb615e
1 parent f4cf722
commit 8cb615e
Show file tree

Hide file tree

Showing 7 changed files with 0 additions and 27 deletions.
diff --git a/...k/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/...k/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java
@@ -34,10 +34,6 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.DelegatingSecurityContextRepository;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.util.ClassUtils;
 
 /**
@@ -71,8 +67,6 @@ SecurityFilterChain managementSecurityFilterChain(HttpSecurity http) throws Exce
 		}
 		http.formLogin(Customizer.withDefaults());
 		http.httpBasic(Customizer.withDefaults());
-		http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository(
-				new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()));
 		return http.build();
 	}
 

diff --git a/...ringframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java b/...ringframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java
@@ -29,10 +29,6 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.DelegatingSecurityContextRepository;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * {@link Configuration @Configuration} class securing servlet applications.
@@ -60,8 +56,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 			http.authorizeHttpRequests().anyRequest().authenticated();
 			http.formLogin();
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository(
-					new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()));
 			return http.build();
 		}
 

diff --git a/...hod-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/...hod-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java
@@ -31,8 +31,6 @@
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
@@ -95,7 +93,6 @@ SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
 			http.securityMatcher(EndpointRequest.toAnyEndpoint());
 			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			return http.build();
 		}
 

diff --git a/...e-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java b/...e-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java
@@ -21,8 +21,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests to ensure that the error page with a custom servlet path is accessible only to
@@ -51,7 +49,6 @@ SecurityFilterChain configure(HttpSecurity http) throws Exception {
 				requests.anyRequest().fullyAuthenticated();
 			});
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll());
 			return http.build();
 		}

diff --git a/...re/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java b/...re/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java
@@ -20,8 +20,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests for error page that permits access to all with a custom servlet path.
@@ -50,7 +48,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().authenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			return http.build();
 		}

diff --git a/.../spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java b/.../spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java
@@ -21,8 +21,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests to ensure that the error page is accessible only to authorized users.
@@ -49,7 +47,6 @@ SecurityFilterChain configure(HttpSecurity http) throws Exception {
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().fullyAuthenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			http.formLogin((form) -> form.loginPage("/login").permitAll());
 			return http.build();

diff --git a/...oke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java b/...oke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java
@@ -21,8 +21,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests for error page that permits access to all.
@@ -50,7 +48,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().authenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			return http.build();
 		}