Optimize SecurityReactorContextConfiguration

jgrandja · jgrandja · commit 0fea57d6a1e0 · 2019-09-27T14:46:39.000-04:00
Issue gh-7422
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java
@@ -23,7 +23,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.util.CollectionUtils;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import reactor.core.CoreSubscriber;
@@ -70,7 +69,7 @@ public void afterPropertiesSet() throws Exception {
 					Operators.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
 
 			Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, pub -> {
-				if (CollectionUtils.isEmpty(getContextAttributes())) {
+				if (!contextAttributesAvailable()) {
 					// No need to decorate so return original Publisher
 					return pub;
 				}
@@ -91,6 +90,22 @@ <T> CoreSubscriber<T> createSubscriberIfNecessary(CoreSubscriber<T> delegate) {
 			return new SecurityReactorContextSubscriber<>(delegate, getContextAttributes());
 		}
 
+		private static boolean contextAttributesAvailable() {
+			HttpServletRequest servletRequest = null;
+			HttpServletResponse servletResponse = null;
+			ServletRequestAttributes requestAttributes =
+					(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+			if (requestAttributes != null) {
+				servletRequest = requestAttributes.getRequest();
+				servletResponse = requestAttributes.getResponse();
+			}
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			if (authentication != null || servletRequest != null || servletResponse != null) {
+				return true;
+			}
+			return false;
+		}
+
 		private static Map<Object, Object> getContextAttributes() {
 			HttpServletRequest servletRequest = null;
 			HttpServletResponse servletResponse = null;
