adding cleaning filter when authentication is changed (MID-6897)

Evolveum · Mar 15, 2021 · c5f6631 · c5f6631
1 parent 775543e
commit c5f6631
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 0 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/BasicWebSecurityConfig.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/BasicWebSecurityConfig.java
@@ -71,6 +71,9 @@ public class BasicWebSecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     PrismContext prismContext;
 
+    @Autowired
+    private RemoveUnusedSecurityFilterPublisher removeUnusedSecurityFilterPublisher;
+
     private ObjectPostProcessor<Object> objectObjectPostProcessor;
 
     public BasicWebSecurityConfig() {
@@ -187,6 +190,11 @@ public void saveContext(SecurityContext context, HttpServletRequest request, Htt
                     super.saveContext(context, request, response);
                 }
             }
+
+            @Override
+            protected SecurityContext generateNewContext() {
+                return new MidpointSecurityContext(super.generateNewContext(), removeUnusedSecurityFilterPublisher);
+            }
         };
         httpSecurityRepository.setDisableUrlRewriting(true);
         AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidpointSecurityContext.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidpointSecurityContext.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.web.security;
+
+import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+
+/**
+ * @author skublik
+ */
+
+public class MidpointSecurityContext implements SecurityContext {
+
+    private SecurityContext securityContext;
+    private RemoveUnusedSecurityFilterPublisher publisher;
+
+    public MidpointSecurityContext (SecurityContext securityContext, RemoveUnusedSecurityFilterPublisher publisher) {
+        this.securityContext = securityContext;
+        this.publisher = publisher;
+    }
+
+    @Override
+    public Authentication getAuthentication() {
+        return securityContext.getAuthentication();
+    }
+
+    @Override
+    public void setAuthentication(Authentication authentication) {
+        if (getAuthentication() instanceof MidpointAuthentication
+                && !getAuthentication().equals(authentication)) {
+            publisher.publishCustomEvent((MidpointAuthentication) getAuthentication());
+        }
+        securityContext.setAuthentication(authentication);
+    }
+}