It's not a secret anymore!
The moose likes Spring and the fly likes Spring SecurityContext in Clustered Environment Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring SecurityContext in Clustered Environment" Watch "Spring SecurityContext in Clustered Environment" New topic

Spring SecurityContext in Clustered Environment

Baskar Sikkayan
Ranch Hand

Joined: Oct 06, 2011
Posts: 30
We use Spring security 3 in our Application and we get current user details as follows.

public static SessionUser currentUserDetails() {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
if (authentication != null) {
Object principal = authentication.getPrincipal();
return principal instanceof UserDetails ? (SessionUser) principal
: null;
return null;

Now, we are planning to move this App to a clustered environment. Will there be any code change?
We are wondering if there is any change in the code for clustered environment?

Any help on this will be appreciated?

Bill Gorder

Joined: Mar 07, 2010
Posts: 1682

Please Use Code Tags

The SecurityContext and its assoicated Authentication is stored in the session, so this can work in clustered environment. Just note that setting up session replication is application server specific and not instantaneous. You will likely need to set up sticky sessions on your load balancer to help account for this as well.

I am not an expert on configuring application servers (there is always another team that handles that on my projects) but to your original question, yes your code can work just fine in a clustered environment.

[How To Ask Questions][Read before you PM me]
I agree. Here's the link:
subject: Spring SecurityContext in Clustered Environment
jQuery in Action, 3rd edition