Merge branch '6.2.x'
This commit is contained in:
@@ -26,10 +26,13 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
|
||||
/**
|
||||
* An authentication handler that saves an authentication either way.
|
||||
@@ -43,6 +46,8 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A
|
||||
|
||||
private final AuthenticationSuccessHandler successHandler;
|
||||
|
||||
private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
|
||||
|
||||
public MfaAuthenticationHandler(String url) {
|
||||
SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler(url);
|
||||
successHandler.setAlwaysUseDefaultTargetUrl(true);
|
||||
@@ -65,7 +70,9 @@ public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, A
|
||||
|
||||
private void saveMfaAuthentication(HttpServletRequest request, HttpServletResponse response,
|
||||
Authentication authentication) throws IOException, ServletException {
|
||||
SecurityContextHolder.getContext().setAuthentication(new MfaAuthentication(authentication));
|
||||
SecurityContext context = SecurityContextHolder.getContext();
|
||||
context.setAuthentication(new MfaAuthentication(authentication));
|
||||
this.securityContextRepository.saveContext(context, request, response);
|
||||
this.successHandler.onAuthenticationSuccess(request, response, authentication);
|
||||
}
|
||||
|
||||
|
||||
@@ -63,8 +63,7 @@ public class SecurityConfig {
|
||||
return filter;
|
||||
}
|
||||
})
|
||||
)
|
||||
.securityContext((context) -> context.requireExplicitSave(false));
|
||||
);
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
logging.level.org.springframework.security=TRACE
|
||||
Reference in New Issue
Block a user