Improve AbstractPreAuthenticatedProcessingFilter docs

Mark Putsiata · jzheaux · commit cae3467a8d5f · 2025-05-19T09:45:53.000-06:00
Clarify misleading SecurityContextRepository setter documentation. Note that AbstractPreAuthenticatedProcessingFilter saves the SecurityContext upon successful authentication, and this behavior can be customized via the setSecurityContextRepository setter. Closes gh-14137 Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -79,6 +79,10 @@
  * raised by the <tt>AuthenticationManager</tt> will the be re-thrown. Note that this will
  * not affect cases where the principal returned by {@link #getPreAuthenticatedPrincipal}
  * is null, when the chain will still proceed as normal.
+ * <p>
+ * The filter saves the {@link SecurityContext} using the configured
+ * {@link SecurityContextRepository}, which can be set via
+ * {@link #setSecurityContextRepository}.
  *
  * @author Luke Taylor
  * @author Ruud Senden
@@ -253,8 +257,8 @@ public void setApplicationEventPublisher(ApplicationEventPublisher anApplication
 
 	/**
 	 * Sets the {@link SecurityContextRepository} to save the {@link SecurityContext} on
-	 * authentication success. The default action is not to save the
-	 * {@link SecurityContext}.
+	 * authentication success. The default action is to save the {@link SecurityContext}
+	 * in {@link HttpSession} using {@link HttpSessionSecurityContextRepository}.
 	 * @param securityContextRepository the {@link SecurityContextRepository} to use.
 	 * Cannot be null.
 	 */
