Possible misconfiguration of SecurityContextRepository #12023

Closed
mbhave opened this issue Oct 14, 2022 · 1 comment

mbhave commented Oct 14, 2022

The default SecurityContextRepository for stateless applications is now RequestAttributeSecurityContextRepository. However, SecurityContextConfigurer sets the SecurityContextRepository to HttpSessionSecurityContextRepository if it isn't already set as a shared object. This results in the context being saved by the RequestAttributeSecurityContextRepository but loaded from HttpSessionSecurityContextRepository for an error dispatch.

@mbhave mbhave added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Oct 14, 2022
@sjohnr sjohnr added the in: config An issue in spring-security-config label Oct 15, 2022

sjohnr commented Oct 15, 2022

Changes related to this issue included in 5.8.0-RC1:

  • Add DeferredSecurityContext interface
  • Add loadDeferredContext(request) in SecurityContextRepository
  • Deprecate loadContext(request) in SecurityContextRepository
  • Add DelegatingSecurityContextRepository

Related gh-11026

@sjohnr sjohnr self-assigned this Oct 15, 2022
@sjohnr sjohnr added this to the 6.0.0-RC1 milestone Oct 15, 2022
sjohnr pushed a commit to sjohnr/spring-security that referenced this issue Oct 17, 2022
sjohnr pushed a commit to sjohnr/spring-security that referenced this issue Oct 17, 2022
sjohnr pushed a commit to sjohnr/spring-security that referenced this issue Oct 18, 2022
@sjohnr sjohnr added type: breaks-passivity A change that breaks passivity with the previous release and removed status: waiting-for-triage An issue we've not yet triaged type: breaks-passivity A change that breaks passivity with the previous release labels Oct 18, 2022
sjohnr pushed a commit that referenced this issue Oct 18, 2022
sjohnr pushed a commit that referenced this issue Oct 18, 2022
sjohnr pushed a commit that referenced this issue Oct 18, 2022
@sjohnr sjohnr closed this as completed in 33b492d Oct 18, 2022
@sjohnr sjohnr moved this to Done in Spring Security Team Oct 18, 2022
sjohnr pushed a commit that referenced this issue Nov 9, 2022
sjohnr pushed a commit that referenced this issue Nov 9, 2022
sjohnr pushed a commit that referenced this issue Nov 14, 2022
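
The save/load mismatch reported in this issue can be reproduced outside a filter chain. The following is an added example, not code from the issue or from the Spring Security project. It assumes spring-security-web 5.8 or later and spring-test on the classpath; the class name `RepositoryMismatchDemo`, the test user, and the use of one mock request object to stand in for the original request and its error dispatch are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.DelegatingSecurityContextRepository;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

public class RepositoryMismatchDemo {

    // True when the repository can hand back an authenticated context for the request.
    static boolean seesAuthentication(SecurityContextRepository repo, MockHttpServletRequest request) {
        return repo.containsContext(request)
                && repo.loadDeferredContext(request).get().getAuthentication() != null;
    }

    public static void main(String[] args) {
        // Constructed request/response pair; no session is ever created on it.
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Constructed authenticated context for a sample user.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(new TestingAuthenticationToken("user", "n/a", "ROLE_USER"));

        // Save side: the stateless default named in the issue.
        SecurityContextRepository saver = new RequestAttributeSecurityContextRepository();
        saver.saveContext(context, request, response);

        // Load side as described in the issue: a session-backed repository
        // looking at a request whose context lives in a request attribute.
        SecurityContextRepository sessionOnly = new HttpSessionSecurityContextRepository();
        System.out.println("session repository sees authentication: "
                + seesAuthentication(sessionOnly, request));

        // Load side that consults both stores, using the class added in 5.8.0-RC1.
        SecurityContextRepository delegating = new DelegatingSecurityContextRepository(
                new RequestAttributeSecurityContextRepository(),
                new HttpSessionSecurityContextRepository());
        System.out.println("delegating repository sees authentication: "
                + seesAuthentication(delegating, request));
    }
}
```

Comparing the two printed lines shows whether the repository used for loading can find what the saving repository stored, which is the check to run against a custom `SecurityContextRepository` setup.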