In this PR I added fields for a SecurityContextRepository and a SecurityContextHolderStrategy und use them similar to AbstractAuthenticationProcessingFilter#successfulAuthentication to store the SecurityContext in the SecurityContextRepository. By default it uses RequestAttributeSecurityContextRepository wich is the same as in the AbstractAuthenticationProcessingFilter.
To finally achieve the expected result for #185 we have to configure the SpnegoAuthenticationProcessingFilter with at least a HttpSessionSecurityContextRepository or better (as far as I can tell from checking what spring-security is doing) with new DelegatingSecurityContextRepository(new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()). Using http.getConfigurer(SecurityContextConfigurer.class); should also work if the http object is available when creating the SPNEGO Filter.
Fixes #185
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
In this PR I added fields for a
SecurityContextRepositoryand aSecurityContextHolderStrategyund use them similar to AbstractAuthenticationProcessingFilter#successfulAuthentication to store theSecurityContextin theSecurityContextRepository. By default it usesRequestAttributeSecurityContextRepositorywich is the same as in theAbstractAuthenticationProcessingFilter.To finally achieve the expected result for #185 we have to configure the
SpnegoAuthenticationProcessingFilterwith at least aHttpSessionSecurityContextRepositoryor better (as far as I can tell from checking what spring-security is doing) withnew DelegatingSecurityContextRepository(new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()). Usinghttp.getConfigurer(SecurityContextConfigurer.class);should also work if thehttpobject is available when creating the SPNEGO Filter.Fixes #185