Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/partials/servlet/architecture/security-context-explicit.adoc

86 lines
1.7 KiB
Plaintext
Raw Blame History

.Explicit Saving of SecurityContext
[tabs]
======
Java::
+
[source,java,role="primary"]
----
public SecurityFilterChain filterChain(HttpSecurity http) {
http
// ...
.securityContext((securityContext) -> securityContext
.requireExplicitSave(true)
);
return http.build();
}
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
open fun springSecurity(http: HttpSecurity): SecurityFilterChain {
http {
securityContext {
requireExplicitSave = true
}
}
return http.build()
}
----
XML::
+
[source,xml,role="secondary"]
----
<http security-context-explicit-save="true">
<!-- ... -->
</http>
----
======
Upon using the configuration, it is important that any code that sets the `SecurityContextHolder` with a `SecurityContext` also saves the `SecurityContext` to the `SecurityContextRepository` if it should be persisted between requests.
For example, the following code:
.Setting `SecurityContextHolder` with `SecurityContextPersistenceFilter`
[tabs]
======
Java::
+
[source,java,role="primary"]
----
SecurityContextHolder.setContext(securityContext);
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
SecurityContextHolder.setContext(securityContext)
----
======
should be replaced with
.Setting `SecurityContextHolder` with `SecurityContextHolderFilter`
[tabs]
======
Java::
+
[source,java,role="primary"]
----
SecurityContextHolder.setContext(securityContext);
securityContextRepository.saveContext(securityContext, httpServletRequest, httpServletResponse);
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
SecurityContextHolder.setContext(securityContext)
securityContextRepository.saveContext(securityContext, httpServletRequest, httpServletResponse)
----
======
Reference in New Issue View Git Blame Copy Permalink