Remove workarounds for SecurityContextRepository

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java

@@ -34,10 +34,6 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.DelegatingSecurityContextRepository;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.util.ClassUtils;
 
 /**
@@ -71,8 +67,6 @@ public class ManagementWebSecurityAutoConfiguration {
 		}
 		http.formLogin(Customizer.withDefaults());
 		http.httpBasic(Customizer.withDefaults());
-		http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository(
-				new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()));
 		return http.build();
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java

@@ -29,10 +29,6 @@ import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.DelegatingSecurityContextRepository;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * {@link Configuration @Configuration} class securing servlet applications.
@@ -60,8 +56,6 @@ class SpringBootWebSecurityConfiguration {
 			http.authorizeHttpRequests().anyRequest().authenticated();
 			http.formLogin();
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository(
-					new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository()));
 			return http.build();
 		}
 

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java

@@ -31,8 +31,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
@@ -95,7 +93,6 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
 			http.securityMatcher(EndpointRequest.toAnyEndpoint());
 			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			return http.build();
 		}
 

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java

@@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests to ensure that the error page with a custom servlet path is accessible only to
@@ -51,7 +49,6 @@ class CustomServletPathErrorPageTests extends AbstractErrorPageTests {
 				requests.anyRequest().fullyAuthenticated();
 			});
 			http.httpBasic();
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll());
 			return http.build();
 		}

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java

@@ -20,8 +20,6 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests for error page that permits access to all with a custom servlet path.
@@ -50,7 +48,6 @@ class CustomServletPathUnauthenticatedErrorPageTests extends AbstractUnauthentic
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().authenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			return http.build();
 		}

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java

@@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests to ensure that the error page is accessible only to authorized users.
@@ -49,7 +47,6 @@ class ErrorPageTests extends AbstractErrorPageTests {
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().fullyAuthenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			http.formLogin((form) -> form.loginPage("/login").permitAll());
 			return http.build();

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java

@@ -21,8 +21,6 @@ import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 
 /**
  * Tests for error page that permits access to all.
@@ -50,7 +48,6 @@ class UnauthenticatedErrorPageTests extends AbstractUnauthenticatedErrorPageTest
 				requests.requestMatchers("/public/**").permitAll();
 				requests.anyRequest().authenticated();
 			});
-			http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository());
 			http.httpBasic();
 			return http.build();
 		}