A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Joined: Jun 28, 2003
Jul 26, 2011 14:37:23
I have a small question regarding the
I noticed that when I use the following lines the
is not really (or never ???) updated :
Authentication auth = new UsernamePasswordAuthenticationToken(authUser, null, authorities); SecurityContext sc = new SecurityContextImpl(); sc.setAuthentication(auth); SecurityContextHolder.setContext(sc);
However, if i use the following lines, the
is systematically updated :
Authentication auth = new UsernamePasswordAuthenticationToken(authUser, null, authorities); SecurityContextHolder.getContext().setAuthentication(auth);
So, the line
does correctly update the security context.
But aren't these two ways of doing the same thing ?
Why does the first method does not work ?
Thanks for enlightening me.
SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCBCD 5
Visit my blog
Joined: Aug 11, 2010
Jul 26, 2011 18:43:25
The SecurityContextHolder is able to reterieve the context from threadlocal, which is where it is kept/stored by Spring.
I agree. Here's the link:
subject: Updating SecurityContext
Spring 3 and X.509 Authentication
Authenticating in Spring Security with password and username in url
Spring Security 2.0.4 .... Redirect user to original page after authentication success or failure
is this class thread-safe ?
nullpointer with @Autowired AuthenticationManager
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2014