adding of scope 'session' to MidpointProviderManager bean

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/BasicWebSecurityConfig.java

@@ -27,7 +27,6 @@
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -55,6 +54,8 @@
 import java.util.List;
 import java.util.UUID;
 
+import org.springframework.web.context.annotation.SessionScope;
+
 /**
  * @author skublik
  */
@@ -194,8 +195,9 @@ protected void configure(HttpSecurity http) throws Exception {
     }
 
     @Bean
+    @SessionScope
     @Override
-    protected AuthenticationManager authenticationManager() throws Exception {
+    protected MidpointAuthenticationManager authenticationManager() throws Exception {
         List<AuthenticationProvider> providers = new ArrayList<AuthenticationProvider>();
         return new MidpointProviderManager(providers);
     }

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidpointAuthenticationManager.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+
+import java.util.List;
+
+/**
+ * @author skublik
+ */
+
+public interface MidpointAuthenticationManager extends AuthenticationManager {
+    public List<AuthenticationProvider> getProviders();
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidpointProviderManager.java

@@ -17,7 +17,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-public class MidpointProviderManager implements AuthenticationManager {
+public class MidpointProviderManager implements MidpointAuthenticationManager {
 
     private static final Trace LOGGER = TraceManager.getTrace(MidpointProviderManager.class);
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/filter/MidpointAuthFilter.java

@@ -14,6 +14,7 @@
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.web.security.MidpointAuthenticationManager;
 import com.evolveum.midpoint.web.security.MidpointProviderManager;
 import com.evolveum.midpoint.web.security.factory.channel.AuthChannelRegistryImpl;
 import com.evolveum.midpoint.web.security.module.ModuleWebSecurityConfig;
@@ -60,7 +61,7 @@ public class MidpointAuthFilter extends GenericFilterBean {
     private AuthChannelRegistryImpl authChannelRegistry;
 
     @Autowired
-    private AuthenticationManager authenticationManager;
+    private MidpointAuthenticationManager authenticationManager;
 
 //    private SecurityFilterChain authenticatedFilter;
     private AuthenticationsPolicyType authenticationPolicy;
@@ -171,7 +172,7 @@ private void doFilterInternal(ServletRequest request, ServletResponse response,
         //change sequence of authentication during another sequence
         if (mpAuthentication == null || !sequence.equals(mpAuthentication.getSequence())) {
             SecurityContextHolder.getContext().setAuthentication(null);
-            ((MidpointProviderManager)authenticationManager).getProviders().clear();
+            authenticationManager.getProviders().clear();
             authModules = SecurityUtils.buildModuleFilters(authModuleRegistry, sequence, httpRequest, authenticationsPolicy.getModules(),
                     credentialsPolicy, sharedObjects, authenticationChannel);
         } else {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/module/ModuleWebSecurityConfig.java

@@ -58,7 +58,7 @@ public class ModuleWebSecurityConfig<C extends ModuleWebSecurityConfiguration> e
     private MidPointGuiAuthorizationEvaluator accessDecisionManager;
 
     @Autowired
-    private AuthenticationManager authenticationManager;
+    private MidpointAuthenticationManager authenticationManager;
 
     @Autowired
     private AuthModuleRegistryImpl authRegistry;
@@ -138,12 +138,10 @@ protected void configure(HttpSecurity http) throws Exception {
 
     @Override
     protected AuthenticationManager authenticationManager() throws Exception {
-//        authenticationManager.getProviders().clear();
-//        authenticationManager.getProviders().add(midPointAuthenticationProvider);
         if (configuration != null && !configuration.getAuthenticationProviders().isEmpty()) {
             for (AuthenticationProvider authenticationProvider : configuration.getAuthenticationProviders()) {
-                if (!(((MidpointProviderManager)authenticationManager).getProviders().contains(authenticationProvider))) {
-                    ((MidpointProviderManager)authenticationManager).getProviders().add(authenticationProvider);
+                if (!(authenticationManager.getProviders().contains(authenticationProvider))) {
+                    authenticationManager.getProviders().add(authenticationProvider);
                 }
             }
         }