A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Joined: Jun 28, 2003
Jul 26, 2011 14:37:23
I have a small question regarding the SecurityContext update.
I noticed that when I use the following lines the SecurityContext is not really (or never ???) updated :
Authentication auth = new UsernamePasswordAuthenticationToken(authUser, null, authorities); SecurityContext sc = new SecurityContextImpl(); sc.setAuthentication(auth); SecurityContextHolder.setContext(sc);
However, if i use the following lines, the SecurityContext is systematically updated :
Authentication auth = new UsernamePasswordAuthenticationToken(authUser, null, authorities); SecurityContextHolder.getContext().setAuthentication(auth);
So, the line
does correctly update the security context.
But aren't these two ways of doing the same thing ?
Why does the first method does not work ?
Thanks for enlightening me.
SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCBCD 5
Visit my blog
Joined: Aug 11, 2010
Jul 26, 2011 18:43:25
The SecurityContextHolder is able to reterieve the context from threadlocal, which is where it is kept/stored by Spring.
I agree. Here's the link:
subject: Updating SecurityContext
nullpointer with @Autowired AuthenticationManager
Authenticating in Spring Security with password and username in url
Spring Security 2.0.4 .... Redirect user to original page after authentication success or failure
Spring 3 and X.509 Authentication
is this class thread-safe ?
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2014