Fix logging for AnonymousAuthenticationFilter

rwinch · rwinch · commit 1c61748bb94f · 2022-07-08T15:39:53.000-05:00
Currently if trace logging is enabled a StackOverflowException is thrown when trying to resolve toString of the authentication. java.lang.StackOverflowError: null at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na] at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12] at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12] at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na] at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12] at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12] at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na] at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) Issue gh-11457
diff --git a/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/AnonymousAuthenticationFilter.java
@@ -123,7 +123,7 @@ private SecurityContext defaultWithAnonymous(HttpServletRequest request, Securit
 		else {
 			if (this.logger.isTraceEnabled()) {
 				this.logger.trace(LogMessage.of(() -> "Did not set SecurityContextHolder since already authenticated "
-						+ this.securityContextHolderStrategy.getContext().getAuthentication()));
+						+ currentAuthentication));
 			}
 		}
 		return currentContext;

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ private SecurityContext defaultWithAnonymous(HttpServletRequest request, Securit`
`123`	`123`	`else {`
`124`	`124`	`if (this.logger.isTraceEnabled()) {`
`125`	`125`	`this.logger.trace(LogMessage.of(() -> "Did not set SecurityContextHolder since already authenticated "`
`126`		`- + this.securityContextHolderStrategy.getContext().getAuthentication()));`
	`126`	`+ + currentAuthentication));`
`127`	`127`	`}`
`128`	`128`	`}`
`129`	`129`	`return currentContext;`