Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.8.x' into 6.0.x

This commit is contained in:
Josh Cummings 2023-05-10 15:56:18 -06:00
parent c7a6ceff0b b969179b5c
commit 1b4b91a35c
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/modules/ROOT/pages/servlet/authentication/persistence.adoc
View File

@ -192,9 +192,11 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextPe
image::{figures}/securitycontextpersistencefilter.png[]
<1> Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
<2> Next, the application is ran.
<3> Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
image:{icondir}/number_2.png[] Next, the application is ran.
image:{icondir}/number_3.png[] Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
This means that when using `SecurityContextPersistenceFilter`, just setting the `SecurityContextHolder` will ensure that the `SecurityContext` is persisted using `SecurityContextRepository`.
In some cases a response is committed and written to the client before the `SecurityContextPersisteneFilter` method completes.
@ -211,11 +213,12 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextHo
image::{figures}/securitycontextholderfilter.png[]
<1> Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
<2> Next, the application is ran.
image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
image:{icondir}/number_2.png[] Next, the application is ran.
Unlike, xref:servlet/authentication/persistence.adoc#securitycontextpersistencefilter[`SecurityContextPersistenceFilter`], `SecurityContextHolderFilter` only loads the `SecurityContext` it does not save the `SecurityContext`.
This means that when using `SecurityContextHolderFilter`, it is required that the `SecurityContext` is explicitly saved.
include::partial$servlet/architecture/security-context-explicit.adoc[]
include::partial$servlet/architecture/security-context-explicit.adoc[]