Skip to content

Commit a377175

Browse files
committed
Merge branch '6.3.x' into 6.4.x
Closes gh-17215
2 parents a0c5504 + b0f8aa5 commit a377175

File tree

2 files changed

+28
-2
lines changed

2 files changed

+28
-2
lines changed

web/src/main/java/org/springframework/security/web/authentication/AuthenticationFilter.java

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2022 the original author or authors.
2+
* Copyright 2002-2025 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -64,6 +64,7 @@
6464
* </ul>
6565
*
6666
* @author Sergey Bespalov
67+
* @author Andrey Litvitski
6768
* @since 5.2.0
6869
*/
6970
public class AuthenticationFilter extends OncePerRequestFilter {
@@ -193,6 +194,15 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
193194
}
194195
}
195196

197+
@Override
198+
protected String getAlreadyFilteredAttributeName() {
199+
String name = getFilterName();
200+
if (name == null) {
201+
name = getClass().getName().concat("-" + System.identityHashCode(this));
202+
}
203+
return name + ALREADY_FILTERED_SUFFIX;
204+
}
205+
196206
private void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
197207
AuthenticationException failed) throws IOException, ServletException {
198208
this.securityContextHolderStrategy.clearContext();

web/src/test/java/org/springframework/security/web/authentication/AuthenticationFilterTests.java

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2022 the original author or authors.
2+
* Copyright 2002-2025 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
1717
package org.springframework.security.web.authentication;
1818

1919
import jakarta.servlet.FilterChain;
20+
import jakarta.servlet.Servlet;
2021
import jakarta.servlet.ServletException;
2122
import jakarta.servlet.ServletRequest;
2223
import jakarta.servlet.ServletResponse;
@@ -57,6 +58,7 @@
5758

5859
/**
5960
* @author Sergey Bespalov
61+
* @author Andrey Litvitski
6062
* @since 5.2.0
6163
*/
6264
@ExtendWith(MockitoExtension.class)
@@ -318,4 +320,18 @@ public void filterWhenCustomSecurityContextRepositoryAndSuccessfulAuthentication
318320
assertThat(securityContextArg.getValue().getAuthentication()).isEqualTo(authentication);
319321
}
320322

323+
@Test
324+
public void filterWhenMultipleInChainThenAllFiltered() throws Exception {
325+
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
326+
MockHttpServletResponse response = new MockHttpServletResponse();
327+
AuthenticationFilter filter1 = new AuthenticationFilter(this.authenticationManager,
328+
this.authenticationConverter);
329+
AuthenticationConverter converter2 = mock(AuthenticationConverter.class);
330+
AuthenticationFilter filter2 = new AuthenticationFilter(this.authenticationManager, converter2);
331+
FilterChain chain = new MockFilterChain(mock(Servlet.class), filter1, filter2);
332+
chain.doFilter(request, response);
333+
verify(this.authenticationConverter).convert(any());
334+
verify(converter2).convert(any());
335+
}
336+
321337
}

0 commit comments

Comments
 (0)