Skip to content

Commit 38e9e8c

Browse files
rwinchrwinch
committed
Optimize HttpSessionSecurityContextRepository
Closes gh-9387
1 parent 996ccc0 commit 38e9e8c

File tree

1 file changed

+5
-9
lines changed

1 file changed

+5
-9
lines changed

web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -142,13 +142,7 @@ public void saveContext(SecurityContext context, HttpServletRequest request,
142142
+ response
143143
+ ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
144144
}
145-
// saveContext() might already be called by the response wrapper
146-
// if something in the chain called sendError() or sendRedirect(). This ensures we
147-
// only call it
148-
// once per request.
149-
if (!responseWrapper.isContextSaved()) {
150-
responseWrapper.saveContext(context);
151-
}
145+
responseWrapper.saveContext(context);
152146
}
153147

154148
public boolean containsContext(HttpServletRequest request) {
@@ -305,6 +299,7 @@ final class SaveToSessionResponseWrapper extends
305299
private final boolean httpSessionExistedAtStartOfRequest;
306300
private final SecurityContext contextBeforeExecution;
307301
private final Authentication authBeforeExecution;
302+
private boolean isSaveContextInvoked;
308303

309304
/**
310305
* Takes the parameters required to call <code>saveContext()</code> successfully
@@ -355,6 +350,7 @@ protected void saveContext(SecurityContext context) {
355350
// SEC-1587 A non-anonymous context may still be in the session
356351
// SEC-1735 remove if the contextBeforeExecution was not anonymous
357352
httpSession.removeAttribute(springSecurityContextKey);
353+
this.isSaveContextInvoked = true;
358354
}
359355
return;
360356
}
@@ -371,7 +367,7 @@ protected void saveContext(SecurityContext context) {
371367
if (contextChanged(context)
372368
|| httpSession.getAttribute(springSecurityContextKey) == null) {
373369
httpSession.setAttribute(springSecurityContextKey, context);
374-
370+
this.isSaveContextInvoked = true;
375371
if (logger.isDebugEnabled()) {
376372
logger.debug("SecurityContext '" + context
377373
+ "' stored to HttpSession: '" + httpSession);
@@ -381,7 +377,7 @@ protected void saveContext(SecurityContext context) {
381377
}
382378

383379
private boolean contextChanged(SecurityContext context) {
384-
return context != contextBeforeExecution
380+
return this.isSaveContextInvoked || context != contextBeforeExecution
385381
|| context.getAuthentication() != authBeforeExecution;
386382
}
387383

0 commit comments

Comments
 (0)