permaculture playing cards*
The moose likes Spring and the fly likes Updating SecurityContext Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Updating SecurityContext " Watch "Updating SecurityContext " New topic

Updating SecurityContext

Celinio Fernandes
Ranch Hand

Joined: Jun 28, 2003
Posts: 547

I have a small question regarding the SecurityContext update.

I noticed that when I use the following lines the SecurityContext is not really (or never ???) updated :

However, if i use the following lines, the SecurityContext is systematically updated :

So, the line SecurityContextHolder.getContext().setAuthentication(auth); does correctly update the security context.

But aren't these two ways of doing the same thing ?
Why does the first method does not work ?

Thanks for enlightening me.

SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCBCD 5
Visit my blog
Rishi Shehrawat
Ranch Hand

Joined: Aug 11, 2010
Posts: 218

The SecurityContextHolder is able to reterieve the context from threadlocal, which is where it is kept/stored by Spring.
I agree. Here's the link:
subject: Updating SecurityContext
Similar Threads
Spring 3 and X.509 Authentication
Authenticating in Spring Security with password and username in url
Spring Security 2.0.4 .... Redirect user to original page after authentication success or failure
is this class thread-safe ?
nullpointer with @Autowired AuthenticationManager