How does Spring Security manage SecurityContext in a thread across web application requests?

后端 未结 2 747
时光取名叫无心
时光取名叫无心 2021-02-15 06:00

In SpringSecurity it has a class name SecurityContextHolder and its spec: \'Associates a given SecurityContext with the current execution thread.\' With web application whenever

2条回答
  •  别那么骄傲
    2021-02-15 06:43

    Yes, the SecurityContextPersistenceFilter takes care of this. By default it locates the SecurityContext in the HttpSession and binds it to the thread via the SecurityContextHolder. When the request is finished processing it does the reverse - it takes the SecurityContext from the thread and puts it in the session.

    From the Javadoc:

    Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses an HttpSessionSecurityContextRepository.

提交回复
热议问题