diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java index ea859ef8b4..599afa3638 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java @@ -34,10 +34,6 @@ import org.springframework.core.annotation.Order; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.DelegatingSecurityContextRepository; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.util.ClassUtils; /** @@ -71,8 +67,6 @@ public class ManagementWebSecurityAutoConfiguration { } http.formLogin(Customizer.withDefaults()); http.httpBasic(Customizer.withDefaults()); - http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository( - new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository())); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java index 2b8e7960d5..840832125a 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java @@ -29,10 +29,6 @@ import org.springframework.security.config.BeanIds; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.DelegatingSecurityContextRepository; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * {@link Configuration @Configuration} class securing servlet applications. @@ -60,8 +56,6 @@ class SpringBootWebSecurityConfiguration { http.authorizeHttpRequests().anyRequest().authenticated(); http.formLogin(); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository( - new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository())); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java index e4ae797af2..52b380dfe6 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java @@ -31,8 +31,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; @@ -95,7 +93,6 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer { http.securityMatcher(EndpointRequest.toAnyEndpoint()); http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java index 9906554b1e..7b0f55e802 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests to ensure that the error page with a custom servlet path is accessible only to @@ -51,7 +49,6 @@ class CustomServletPathErrorPageTests extends AbstractErrorPageTests { requests.anyRequest().fullyAuthenticated(); }); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java index ba4ce2e9af..81946f7b96 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java @@ -20,8 +20,6 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests for error page that permits access to all with a custom servlet path. @@ -50,7 +48,6 @@ class CustomServletPathUnauthenticatedErrorPageTests extends AbstractUnauthentic requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().authenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java index cb1e0115f7..24fb0c08eb 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests to ensure that the error page is accessible only to authorized users. @@ -49,7 +47,6 @@ class ErrorPageTests extends AbstractErrorPageTests { requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().fullyAuthenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); http.formLogin((form) -> form.loginPage("/login").permitAll()); return http.build(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java index ddfd954974..17f88761ec 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests for error page that permits access to all. @@ -50,7 +48,6 @@ class UnauthenticatedErrorPageTests extends AbstractUnauthenticatedErrorPageTest requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().authenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); return http.build(); }