Fix setters not working for CasAuthenticationFilter

marcusdacoregio · marcusdacoregio · commit 4e5780a30cd7 · 2024-02-02T15:29:28.000-03:00
The setSecurityContextRepository and setSecurityContextHolderStrategy only works for the parent class. This commit overrides the method and make sure that we set the objects in the super class and the CasAuthenticationFilter. Closes gh-14529
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -298,6 +298,12 @@ public final void setServiceProperties(final ServiceProperties serviceProperties
 		this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts();
 	}
 
+	@Override
+	public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
+		super.setSecurityContextRepository(securityContextRepository);
+		this.securityContextRepository = securityContextRepository;
+	}
+
 	/**
 	 * Indicates if the request is elgible to process a service ticket. This method exists
 	 * for readability.
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,10 @@
 
 package org.springframework.security.cas.web;
 
+import java.io.IOException;
+
 import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
 import org.apereo.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
@@ -219,4 +222,14 @@ public void successfulAuthenticationWhenProxyRequestThenSavesSecurityContext() t
 		verify(securityContextRepository).saveContext(any(SecurityContext.class), eq(request), eq(response));
 	}
 
+	@Test
+	void successfulAuthenticationWhenSecurityContextRepositorySetThenUses() throws ServletException, IOException {
+		SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		filter.setSecurityContextRepository(securityContextRepository);
+		filter.successfulAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse(),
+				new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).saveContext(any(SecurityContext.class), any(), any());
+	}
+
 }
