Cache SecurityContextRepository.loadContext(HttpServletRequest) Result

rwinch · rwinch · commit 29db051f7ac6 · 2022-06-17T14:52:35.000-05:00
Closes gh-11390
diff --git a/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/SecurityContextRepository.java
@@ -22,6 +22,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.util.function.SingletonSupplier;
 
 /**
  * Strategy used for persisting a {@link SecurityContext} between requests.
@@ -76,7 +77,7 @@ public interface SecurityContextRepository {
 	 * @since 5.7
 	 */
 	default Supplier<SecurityContext> loadContext(HttpServletRequest request) {
-		return () -> loadContext(new HttpRequestResponseHolder(request, null));
+		return SingletonSupplier.of(() -> loadContext(new HttpRequestResponseHolder(request, null)));
 	}
 
 	/**
diff --git a/web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java b/web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.context;
+
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextImpl;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+/**
+ * @author Rob Winch
+ */
+class SecurityContextRepositoryTests {
+
+	SecurityContextRepository repository = spy(SecurityContextRepository.class);
+
+	@Test
+	void loadContextHttpRequestResponseHolderWhenInvokeSupplierTwiceThenOnlyInvokesLoadContextOnce() {
+		given(this.repository.loadContext(any(HttpRequestResponseHolder.class))).willReturn(new SecurityContextImpl());
+		Supplier<SecurityContext> deferredContext = this.repository.loadContext(mock(HttpServletRequest.class));
+		verify(this.repository).loadContext(any(HttpServletRequest.class));
+		deferredContext.get();
+		verify(this.repository).loadContext(any(HttpRequestResponseHolder.class));
+		deferredContext.get();
+		verifyNoMoreInteractions(this.repository);
+	}
+
+}
