This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Spring and the fly likes Spring SecurityContext in Clustered Environment Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring SecurityContext in Clustered Environment" Watch "Spring SecurityContext in Clustered Environment" New topic

Spring SecurityContext in Clustered Environment

Baskar Sikkayan

Joined: Oct 06, 2011
Posts: 16
We use Spring security 3 in our Application and we get current user details as follows.

public static SessionUser currentUserDetails() {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
if (authentication != null) {
Object principal = authentication.getPrincipal();
return principal instanceof UserDetails ? (SessionUser) principal
: null;
return null;

Now, we are planning to move this App to a clustered environment. Will there be any code change?
We are wondering if there is any change in the code for clustered environment?

Any help on this will be appreciated?

Bill Gorder

Joined: Mar 07, 2010
Posts: 1648

Please Use Code Tags

The SecurityContext and its assoicated Authentication is stored in the session, so this can work in clustered environment. Just note that setting up session replication is application server specific and not instantaneous. You will likely need to set up sticky sessions on your load balancer to help account for this as well.

I am not an expert on configuring application servers (there is always another team that handles that on my projects) but to your original question, yes your code can work just fine in a clustered environment.

[How To Ask Questions][Read before you PM me]
I agree. Here's the link:
subject: Spring SecurityContext in Clustered Environment
Similar Threads
Access spring user object
Need to skip spring/ldap authentication to be able to develop at home
Basic question of Acegi
Web App hangs up when opening hibernate session factory
Updating SecurityContext