Cannot configure `SecurityContextRepository` in `CasAuthenticationFilter`

**Describe the bug**
`CasAuthenticationFilter` set a reference of `SecurityContextRepository` (https://github.com/spring-projects/spring-security/blob/e77126740d67f5fe714833c910b9c94976e44c49/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java#L216) in itself and use it in https://github.com/spring-projects/spring-security/blob/e77126740d67f5fe714833c910b9c94976e44c49/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java#L233 which cause the `setSecurityContextRepository(...)` defined in parent class `AbstractAuthenticationProcessingFilter` not configurable anymore.
The `securityContextRepository` reference is just for the call of `successfulAuthentication(...)` (https://github.com/spring-projects/spring-security/blob/e77126740d67f5fe714833c910b9c94976e44c49/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java#L227-L236).
For me, seems like it is just duplicating the code defined in parent class `AbstractAuthenticationProcessingFilter` (https://github.com/spring-projects/spring-security/blob/e77126740d67f5fe714833c910b9c94976e44c49/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java#L322-L333) and can be rewritten to avoid the `securityContextRepository` reference defined in `CasAuthenticationFilter`.
Example:
```java
@Override
protected final void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
		FilterChain chain, Authentication authResult) throws IOException, ServletException {
	boolean continueFilterChain = proxyTicketRequest(serviceTicketRequest(request, response), request);
	super.successfulAuthentication(request, response, chain, authResult);
	if (continueFilterChain) {
		chain.doFilter(request, response);
	}
}
```

**Expected behavior**
`CasAuthenticationFilter` should be able to configure different `SecurityContextRepository` by calling `setSecurityContextRepository(...)`

	this.logger.debug(
	LogMessage.format("Authentication success. Updating SecurityContextHolder to contain: %s", authResult));

	SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
	context.setAuthentication(authResult);
	this.securityContextHolderStrategy.setContext(context);
	this.securityContextRepository.saveContext(context, request, response);
	if (this.eventPublisher != null) {
	this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
	}

	SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
	context.setAuthentication(authResult);
	this.securityContextHolderStrategy.setContext(context);
	this.securityContextRepository.saveContext(context, request, response);
	if (this.logger.isDebugEnabled()) {
	this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", authResult));
	}
	this.rememberMeServices.loginSuccess(request, response, authResult);
	if (this.eventPublisher != null) {
	this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
	}
	this.successHandler.onAuthenticationSuccess(request, response, authResult);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cannot configure `SecurityContextRepository` in `CasAuthenticationFilter` #14529

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cannot configure SecurityContextRepository in CasAuthenticationFilter #14529

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Cannot configure `SecurityContextRepository` in `CasAuthenticationFilter` #14529