Merge branch '6.2.x'

marcusdacoregio · marcusdacoregio · commit fd3de41c3b8f · 2024-02-02T15:33:33.000-03:00
Closes spring-projectsgh-14537
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -329,6 +329,18 @@ public final void setServiceProperties(final ServiceProperties serviceProperties
 		this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts();
 	}
 
+	@Override
+	public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
+		super.setSecurityContextRepository(securityContextRepository);
+		this.securityContextRepository = securityContextRepository;
+	}
+
+	@Override
+	public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
+		super.setSecurityContextHolderStrategy(securityContextHolderStrategy);
+		this.securityContextHolderStrategy = securityContextHolderStrategy;
+	}
+
 	/**
 	 * Set the {@link RedirectStrategy} used to redirect to the saved request if there is
 	 * one saved. Defaults to {@link DefaultRedirectStrategy}.
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,10 @@
 
 package org.springframework.security.cas.web;
 
+import java.io.IOException;
+
 import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpSession;
 import org.apereo.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.jupiter.api.AfterEach;
@@ -35,6 +38,8 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
@@ -240,4 +245,25 @@ public void attemptAuthenticationWhenNoServiceTicketAndIsGatewayRequestThenRedir
 			.isNull();
 	}
 
+	@Test
+	void successfulAuthenticationWhenSecurityContextRepositorySetThenUses() throws ServletException, IOException {
+		SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		filter.setSecurityContextRepository(securityContextRepository);
+		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).saveContext(any(SecurityContext.class), any(), any());
+	}
+
+	@Test
+	void successfulAuthenticationWhenSecurityContextHolderStrategySetThenUses() throws ServletException, IOException {
+		SecurityContextHolderStrategy securityContextRepository = mock(SecurityContextHolderStrategy.class);
+		given(securityContextRepository.createEmptyContext()).willReturn(new SecurityContextImpl());
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		filter.setSecurityContextHolderStrategy(securityContextRepository);
+		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).setContext(any(SecurityContext.class));
+	}
+
 }
