WebSessionServerSecurityContextRepository provides Mono.cache option #8422
Comments
Same issue seen on stackoverflow:
Thanks for the report.
This is intentional to avoid calling load if no one needs the
after enabling
@mafei-dev FYI, I worked around by passing in a cached Mono myself.
There is now an option to cache the result of WebSessionServerSecurityContextRepository which ensures that the logic inside the WebSessionServerSecurityContextRepository is only invoked once.
Fix the checkstyle for this feature Closes gh-8422
Describe the bug
Authenticating an unauthorized Authentication using ServerSecurityContextRepository causes the Mono<SecurityContext> produced by its load method to be subscribed twice.

To Reproduce
See the following config snippet:

The root cause is: ReactorContextWebFilter saves the Mono of SecurityContext into the reactor context, rather than the actual value. The Mono is subscribed the first time in the regular authentication process. ExceptionTranslationWebFilter, on AccessDeniedException, resumes to retrieve the Principal, which leads to getting the Mono of SecurityContext (and subscribing it again) in SecurityContextServerWebExchange.

Expected behavior
I would expect the load method to be called only once in this scenario. Not sure if the current behavior is intended, but it's quite confusing to me.

Perhaps saving Mono<SecurityContext> (as opposed to saving the SecurityContext itself) is the root of the pain. I think keeping the Mono could lead to a more ambiguous lifecycle and might eventually harm the way to make Authentication immutable as well.

Sample
See the snippet above. An empty project with such a security config and any request could trigger the issue.
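The following is an added illustration of the double-subscription described in the issue body and of the "cached Mono" workaround mentioned in the comment by @mafei-dev's correspondent; it is not code from Spring Security or from anyone in this thread. It assumes only the public ServerSecurityContextRepository interface and Reactor's Mono.cache(). A constructed CountingRepository stands in for the real session lookup so that the number of times load logic actually runs can be observed: subscribing the plain Mono twice runs it twice, while the wrapped repository runs it once.

```java
import java.util.concurrent.atomic.AtomicInteger;

import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Delegating repository whose load() returns a cached Mono, so the delegate's
 * load logic runs once per exchange no matter how many filters subscribe to it.
 * Illustration of the workaround discussed in the thread; not Spring Security's
 * own implementation.
 */
public class CachingServerSecurityContextRepository implements ServerSecurityContextRepository {

    private final ServerSecurityContextRepository delegate;

    public CachingServerSecurityContextRepository(ServerSecurityContextRepository delegate) {
        this.delegate = delegate;
    }

    @Override
    public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
        return delegate.save(exchange, context);
    }

    @Override
    public Mono<SecurityContext> load(ServerWebExchange exchange) {
        // Mono.cache() replays the first terminal signal (value, empty or error)
        // to every later subscriber instead of re-subscribing to the delegate.
        // The cached Mono is created per load() call, so its lifetime is bounded
        // by the exchange it was created for.
        return delegate.load(exchange).cache();
    }

    /** Constructed stand-in that counts how often the underlying load logic runs. */
    static final class CountingRepository implements ServerSecurityContextRepository {
        final AtomicInteger loads = new AtomicInteger();

        @Override
        public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
            return Mono.empty();
        }

        @Override
        public Mono<SecurityContext> load(ServerWebExchange exchange) {
            // fromSupplier defers the work to subscription time, as a real session
            // lookup would; every subscription increments the counter.
            return Mono.fromSupplier(() -> {
                loads.incrementAndGet();
                return new SecurityContextImpl();
            });
        }
    }

    public static void main(String[] args) {
        // The demo repositories never touch the exchange, so null stands in for it.
        CountingRepository uncached = new CountingRepository();
        Mono<SecurityContext> plain = uncached.load(null);
        plain.block(); // first subscriber: the regular authentication path
        plain.block(); // second subscriber: e.g. retrieving the Principal after an AccessDeniedException
        System.out.println("uncached load invocations: " + uncached.loads.get());

        CountingRepository counted = new CountingRepository();
        Mono<SecurityContext> cached = new CachingServerSecurityContextRepository(counted).load(null);
        cached.block();
        cached.block();
        System.out.println("cached load invocations: " + counted.loads.get());
    }
}
```

To apply the wrapper to a real configuration, pass it to ServerHttpSecurity#securityContextRepository(...) around a WebSessionServerSecurityContextRepository. The trade-off is the one the maintainer's comment hints at: because cache() also replays an empty result, any subscriber that arrives after a later save() within the same exchange still sees the first (stale) outcome, which is why caching is something to opt into rather than the default.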