From 345bd64cf7e019d3b9ea3c799c6af70b38924c58 Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Wed, 24 Jan 2024 11:31:18 -0300 Subject: [PATCH] Fix MFA sample --- .../src/main/java/example/MfaAuthenticationHandler.java | 9 ++++++++- .../mfa/src/main/java/example/SecurityConfig.java | 3 +-- .../mfa/src/main/resources/application.properties | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 servlet/spring-boot/java/authentication/username-password/mfa/src/main/resources/application.properties diff --git a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/MfaAuthenticationHandler.java b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/MfaAuthenticationHandler.java index 8187a89..824e340 100644 --- a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/MfaAuthenticationHandler.java +++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/MfaAuthenticationHandler.java @@ -26,10 +26,13 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; +import org.springframework.security.web.context.HttpSessionSecurityContextRepository; +import org.springframework.security.web.context.SecurityContextRepository; /** * An authentication handler that saves an authentication either way. @@ -43,6 +46,8 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A private final AuthenticationSuccessHandler successHandler; + private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository(); + public MfaAuthenticationHandler(String url) { SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler(url); successHandler.setAlwaysUseDefaultTargetUrl(true); @@ -65,7 +70,9 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A private void saveMfaAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { - SecurityContextHolder.getContext().setAuthentication(new MfaAuthentication(authentication)); + SecurityContext context = SecurityContextHolder.getContext(); + context.setAuthentication(new MfaAuthentication(authentication)); + this.securityContextRepository.saveContext(context, request, response); this.successHandler.onAuthenticationSuccess(request, response, authentication); } diff --git a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java index 40f08df..dcccbcc 100644 --- a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java +++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/java/example/SecurityConfig.java @@ -63,8 +63,7 @@ public class SecurityConfig { return filter; } }) - ) - .securityContext((context) -> context.requireExplicitSave(false)); + ); // @formatter:on return http.build(); } diff --git a/servlet/spring-boot/java/authentication/username-password/mfa/src/main/resources/application.properties b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/resources/application.properties new file mode 100644 index 0000000..4fbece0 --- /dev/null +++ b/servlet/spring-boot/java/authentication/username-password/mfa/src/main/resources/application.properties @@ -0,0 +1 @@ +logging.level.org.springframework.security=TRACE