mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-12 13:23:29 +00:00
5f9dfb73be
Previously Spring Security would disable automatically saving the
SecurityContext when the Thread was different than the Thread that
created the SaveContextOnUpdateOrErrorResponseWrapper. This worked for
many cases, but could cause issues when a timeout occurred. The problem
is that a Thread can be reused to process the timeout since the Threads
are pooled. This means that a timeout of a request trigger an apparent
logout as described in the following workflow:
- The SecurityContext was established on the SecurityContextHolder
- An Async request was made
- The SecurityContextHolder would be cleared out
- The Async request times out
- The Async request would be dispatched back to the container upon
timing out. If the container reused the same Thread to process the
timeout as the original request, Spring Security would attempt to
save the SecurityContext when the response was committed. Since the
SecurityContextHolder was still cleared out it removes the
SecurityContext from the HttpSession
Spring Security will now prevent the SecurityContext from automatically
being saved when the response is committed as soon as
HttpServletRequest#startAsync() or
ServletRequest#startAsync(ServletRequest,ServletResponse) is called.
===============================================================================
SPRING SECURITY - README FILE
===============================================================================
-------------------------------------------------------------------------------
OVERVIEW
-------------------------------------------------------------------------------
Spring Security provides security services for the Spring Framework
(http://www.springframework.org). Spring Security 3.1 requires Spring 3.0.3 as
a minimum and also requires Java 5.
For a detailed list of features and access to the latest release, please visit
http://www.springframework.org/projects/.
Spring Security is released under an Apache 2.0 license. See the accompanying
license.txt file.
-------------------------------------------------------------------------------
BUILDING
-------------------------------------------------------------------------------
Please read the "Building from Source" page at
http://static.springframework.org/spring-security/site/.
-------------------------------------------------------------------------------
DOCUMENTATION
-------------------------------------------------------------------------------
Be sure to read the Reference Guide (docs/reference/html/springsecurity.html).
Extensive JavaDoc for the Spring Security code is also available (in docs/apidocs).
Both can also be found on the website.
-------------------------------------------------------------------------------
QUICK START
-------------------------------------------------------------------------------
We recommend you visit http://static.springframework.org/spring-security/site and
read the "Getting Started" page.
-------------------------------------------------------------------------------
MAVEN REPOSITORY DOWNLOADS
-------------------------------------------------------------------------------
Release jars for the project are available from the central maven repository
http://repo1.maven.org/maven2/org/springframework/security/
Note that milestone releases and snapshots are not uploaded to the central
repository, but can be obtained from the Spring milestone repository, using the
maven repository http://maven.springframework.org/snapshot/. You can't browse this
URL directly, but there is a separate browser interface. Check the downloads page
for more information
http://static.springsource.org/spring-security/site/downloads.html
-------------------------------------------------------------------------------
OBTAINING SUPPORT
-------------------------------------------------------------------------------
There are two types of support available, commercial and community. For
commercial support, please contact SpringSource. SpringSource employ the
people who wrote Spring Security, and lead the development of the project:
http://www.springsource.com
For peer help and assistance, please use the Spring Security forum
located at the Spring Community's forum site:
http://forum.springframework.org
Links to the forums, and other useful resources are
available from the web site.
-------------------------------------------------------------------------------
CONTRIBUTING
-------------------------------------------------------------------------------
Contributions are welcome. Please refer to the Contributor Guidelines for details
https://github.com/SpringSource/spring-security/wiki/Contributor-Guidelines