How does Spring Security manage SecurityContext in a thread across web application requests?

后端 未结 2 740
时光取名叫无心
时光取名叫无心 2021-02-15 06:00

In SpringSecurity it has a class name SecurityContextHolder and its spec: \'Associates a given SecurityContext with the current execution thread.\' With web application whenever

2条回答
  •  庸人自扰
    2021-02-15 06:51

    With web application whenever a request comes to server then Spring also reload and set SecurityContext of that request in SecurityContextHolder for its thread?

    Basically yes.

    The default behavior of SecurityContextHolder.getInstance() is to return a SecurityContextHolder instance that it stored as a thread-local of the current thread. (This is only the default mechanism. You can use a different strategy for locating the SecurityContextHolder by calling SecurityContextHolder.setStrategemName())

    A SpringSecurity filters ensure that the request's SecurityContextHolder (however it is located) is loaded with the request credentials at the start and that the holder is cleared at the end of request processing.

提交回复
热议问题