 

Spring security context, several users

I don't understand one thing. If, for example, 5 users are logging into your application, does Spring Security create 5 different contexts? I'm a little confused about contexts in Spring.

All components in Spring are singletons (by default). So if I create one component and two different authenticated users are working on this component, are they working on the same data?

user3528733 asked May 06 '26 01:05


1 Answer

SecurityContext is kept in SecurityContextHolder with the thread-local strategy by default, which means that the SecurityContext will be scoped to a thread.

In a Spring MVC application each request runs in its own thread. And Spring Security (SecurityContextPersistenceFilter in particular) populates the SecurityContextHolder with the SecurityContext found in the HTTP session (if one already exists).

So if five users are logged in to your application, five security contexts will exist, but only the one belonging to the user making the request will be available from the thread handling the request.

And for the second part of your question, yes, multiple users will be working with the same instances of your singleton scoped beans. But I'm not sure that is a problem. Your singleton beans may be services, DAOs, etc. and you probably don't store a state on those which can be directly changed by the users.

Hopefully this brief and simplified post explained it; if not, leave a comment and I'll add more details.

More information:

  • SecurityContextPersistenceFilter JavaDoc
Bohuslav Burghardt answered May 08 '26 20:05
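The behaviour described in the answer above, as an added example that is not part of the original post: five threads stand in for five requests, each with its own thread-local SecurityContext, all calling one shared service instance. `ContextPerThreadDemo` and `AccountService` are hypothetical names, the user names are constructed, and spring-security-core is assumed to be on the classpath.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.*;

public class ContextPerThreadDemo {
    // Hypothetical stand-in for a singleton-scoped bean: one instance for all requests.
    static class AccountService {
        private volatile String lastUser; // per-user state on a shared instance: unsafe

        String currentUser() { // resolved from the calling thread's context on every call
            return SecurityContextHolder.getContext().getAuthentication().getName();
        }
        void remember() { lastUser = currentUser(); }
        String remembered() { return lastUser; }
    }

    public static void main(String[] args) throws Exception {
        AccountService service = new AccountService();
        List<String> users = List.of("alice", "bob", "carol", "dave", "erin"); // constructed
        ExecutorService pool = Executors.newFixedThreadPool(users.size());
        CyclicBarrier barrier = new CyclicBarrier(users.size());
        List<Future<String>> results = new ArrayList<>();
        for (String user : users) {
            results.add(pool.submit(() -> {
                // What the persistence filter does per request: bind a context to this thread.
                SecurityContext ctx = SecurityContextHolder.createEmptyContext();
                ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                        user, "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
                SecurityContextHolder.setContext(ctx);
                try {
                    service.remember();
                    barrier.await(); // every "request" has written the shared field by now
                    // context= always matches this thread's user; field= is the last
                    // writer's name, the same for all five threads.
                    return user + ": context=" + service.currentUser()
                            + " field=" + service.remembered();
                } finally {
                    SecurityContextHolder.clearContext(); // pooled threads are reused
                }
            }));
        }
        for (Future<String> r : results) System.out.println(r.get());
        pool.shutdown();
    }
}
```

The `finally` block matters because a pooled thread that keeps its context would hand the previous user's authentication to the next request it serves.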


