Spring Security如何跨Web应用程序请求在线程中管理SecurityContext? [英] How does Spring Security manage SecurityContext in a thread across web application requests?
问题描述
在SpringSecurity中,它具有一个类名称SecurityContextHolder及其规范:将给定的SecurityContext与当前执行线程相关联."使用Web应用程序,每当有一个请求到达服务器时,Spring还会在SecurityContextHolder中为其线程重新加载并设置该请求的SecurityContext吗?
In SpringSecurity it has a class name SecurityContextHolder and its spec: 'Associates a given SecurityContext with the current execution thread.' With web application whenever a request comes to server then Spring also reload and set SecurityContext of that request in SecurityContextHolder for its thread?
推荐答案
Yes, the SecurityContextPersistenceFilter takes care of this. By default it locates the SecurityContext in the HttpSession and binds it to the thread via the SecurityContextHolder. When the request is finished processing it does the reverse - it takes the SecurityContext from the thread and puts it in the session.
来自Javadoc:
使用从 在请求和存储之前配置的SecurityContextRepository 请求完成并清除后,将其返回到存储库中 上下文持有者.默认情况下,它使用 HttpSessionSecurityContextRepository.
Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses an HttpSessionSecurityContextRepository.
这篇关于Spring Security如何跨Web应用程序请求在线程中管理SecurityContext?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
