
How to set up Spring Security SecurityContextHolder strategy?

I'm using asynchronous methods in my service (Spring 3 @Async annotation), and I've got a problem: the spawned thread doesn't have a security context. The cause is that Spring Security by default uses the SecurityContextHolder.MODE_THREADLOCAL strategy for its context holder, but I need to use the SecurityContextHolder.MODE_INHERITABLETHREADLOCAL strategy. For the moment I set up the strategy in my AuthenticationSuccessHandler, but from my point of view that's not good practice.

So how can I set it up in context configuration file?
The Spring Security version is 3.0.0.

viator asked Aug 12 '10 13:08




2 Answers

You can set the environment variable spring.security.strategy to MODE_INHERITABLETHREADLOCAL. You could also have a simple bean that, during your web application's startup, calls SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL), and initialize that value in your context configuration file.

SecurityContextHolder API

Gandalf answered Nov 09 '22 13:11


The Java config for @viator's answer, if it helps you.

    // Calls the static SecurityContextHolder.setStrategyName(...) once at context startup.
    @Bean
    public MethodInvokingFactoryBean methodInvokingFactoryBean() {
        MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
        methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
        methodInvokingFactoryBean.setTargetMethod("setStrategyName");
        methodInvokingFactoryBean.setArguments(new String[]{SecurityContextHolder.MODE_INHERITABLETHREADLOCAL});
        return methodInvokingFactoryBean;
    }

Matt Broekhuis answered Nov 09 '22 15:11
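
An added example, not part of either answer: a stand-alone class showing what the strategy switch discussed above changes for a spawned thread. It goes one step further to a pooled executor, where a reused worker keeps the context it inherited when it was created. It assumes spring-security-core on the classpath and Java 8 or later; the class name StrategyDemo, its helper methods and the users alice and bob are constructed for illustration.

```java
import java.util.concurrent.*;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class StrategyDemo {
    // Principal name visible to the calling thread, or "<none>" if unauthenticated.
    static String currentUser() {
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        return a == null ? "<none>" : a.getName();
    }

    // Constructed sample login: start from a fresh context, as each new request does.
    static void login(String user) {
        SecurityContextHolder.clearContext();
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, "n/a"));
    }

    // Reads the principal from a thread that the caller creates right now.
    static String seenByNewThread() throws InterruptedException {
        String[] seen = new String[1];
        Thread t = new Thread(() -> seen[0] = currentUser());
        t.start();
        t.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        // Default strategy: a spawned thread starts with an empty context.
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_THREADLOCAL);
        login("alice");
        System.out.println("THREADLOCAL, new thread sees: " + seenByNewThread());

        // Inheritable strategy: the context is handed over when the thread is created.
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
        login("alice");
        System.out.println("INHERITABLE, new thread sees: " + seenByNewThread());

        // Pooled worker: created on the first submit (while alice is logged in) and
        // reused afterwards, so it does not pick up the later login of bob.
        ExecutorService pool = Executors.newFixedThreadPool(1);
        Callable<String> task = StrategyDemo::currentUser;
        System.out.println("pool, task 1 sees: " + pool.submit(task).get());
        login("bob");
        System.out.println("pool, task 2 sees: " + pool.submit(task).get());
        pool.shutdown();
    }
}
```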