From b257b766ad12eac73a29791ae81f4361649095d7 Mon Sep 17 00:00:00 2001
From: Eugene Kamenev <eugene.kamenev@gmail.com>
Date: Wed, 10 Sep 2025 12:26:24 +0500
Subject: [PATCH] fix: JEESessionStore.INSTANCE does not exist

---
 .../springsecurity/rest/RestOauthController.groovy    | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/plugin-rest/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy b/plugin-rest/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy
index f5d59b0be..8f5bfd282 100644
--- a/plugin-rest/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy
+++ b/plugin-rest/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy
@@ -32,10 +32,9 @@ import org.apache.commons.codec.binary.Base64
 import org.grails.plugins.codecs.URLCodec
 import org.pac4j.core.client.IndirectClient
 import org.pac4j.core.context.CallContext
-import org.pac4j.core.context.WebContext
 import org.pac4j.core.exception.http.RedirectionAction
 import org.pac4j.jee.context.JEEContext
-import org.pac4j.jee.context.session.JEESessionStore
+import org.pac4j.jee.context.session.JEESessionStoreFactory
 import org.springframework.http.HttpStatus
 import org.springframework.security.core.userdetails.User
 
@@ -64,8 +63,6 @@ class RestOauthController {
      */
     def authenticate(String provider, String callback) {
         IndirectClient client = restOauthService.getClient(provider)
-        WebContext context = new JEEContext(request, response)
-
         if (callback) {
             try {
                 if (Base64.isBase64(callback.getBytes())){
@@ -78,7 +75,8 @@ class RestOauthController {
             }
         }
 
-        RedirectionAction redirectAction = client.getRedirectionAction(context, JEESessionStore.INSTANCE).get()
+        RedirectionAction redirectAction = client.getRedirectionAction(new CallContext(new JEEContext(request, response),
+                JEESessionStoreFactory.INSTANCE.newSessionStore(null))).get()
         log.debug "Redirecting to ${redirectAction.location}"
         redirect url: redirectAction.location
     }
@@ -89,7 +87,8 @@ class RestOauthController {
      * frontend application can store the REST API token locally for subsequent API calls.
      */
     def callback(String provider) {
-        CallContext context = new CallContext(new JEEContext(request, response), null)
+        CallContext context = new CallContext(new JEEContext(request, response),
+                JEESessionStoreFactory.INSTANCE.newSessionStore(null))
         def frontendCallbackUrl
         if (session[CALLBACK_ATTR]) {
             log.debug "Found callback URL in the HTTP session"