Merge branch '6.0.x' into 6.1.x
This commit is contained in:
commit
2158d262bc
|
@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want
|
|||
|
||||
To exemplify the above paragraph, let's consider the following security configuration:
|
||||
|
||||
====
|
||||
.Java
|
||||
[tabs]
|
||||
======
|
||||
Java::
|
||||
+
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
|
@ -193,7 +195,9 @@ public class SecurityConfig {
|
|||
|
||||
}
|
||||
----
|
||||
.Kotlin
|
||||
|
||||
Kotlin::
|
||||
+
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
import org.springframework.security.config.web.servlet.invoke
|
||||
|
@ -217,7 +221,7 @@ class SecurityConfig {
|
|||
|
||||
}
|
||||
----
|
||||
====
|
||||
======
|
||||
|
||||
The above configuration will result in the following `Filter` ordering:
|
||||
|
||||
|
@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url}
|
|||
|
||||
Now, we need to add the filter to the security filter chain.
|
||||
|
||||
====
|
||||
.Java
|
||||
======
|
||||
Java::
|
||||
+
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Bean
|
||||
|
@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
|||
return http.build();
|
||||
}
|
||||
----
|
||||
.Kotlin
|
||||
|
||||
Kotlin::
|
||||
+
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
|
@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain {
|
|||
return http.build()
|
||||
}
|
||||
----
|
||||
====
|
||||
======
|
||||
|
||||
<1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`.
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user.
|
|||
The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly:
|
||||
|
||||
.Setting `SecurityContextHolder`
|
||||
====
|
||||
|
||||
[tabs]
|
||||
======
|
||||
Java::
|
||||
|
@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple.
|
|||
A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`.
|
||||
<3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`.
|
||||
Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization].
|
||||
====
|
||||
|
||||
|
||||
To obtain information about the authenticated principal, access the `SecurityContextHolder`.
|
||||
|
||||
|
|
Loading…
Reference in New Issue