Spring Security context, several users
I don't understand one thing. If, for example, 5 users are logging in to an application, does Spring Security create 5 different contexts? I'm a little confused about contexts in Spring.
All components in Spring are singletons (by default). If I create one component and 2 different authenticated users are working on that component, are they working on the same information?
The SecurityContext is kept in the SecurityContextHolder, which uses the thread-local strategy by default. This means the SecurityContext is scoped to a thread.
In a Spring MVC application each request runs in its own thread, and Spring Security (SecurityContextPersistenceFilter in particular) populates the SecurityContextHolder with the SecurityContext found in the HTTP session (if one exists).
So if 5 users are logged in to the application, 5 security contexts exist, and the one belonging to the user making the request is available to the thread handling that request.
And to the second part of the question: yes, multiple users are working with the same instances of singleton-scoped beans. I'm not sure what the problem is. Singleton beans may be services, DAOs, etc., and they don't store state that can be directly changed by users.
Hopefully this brief and simplified post explained it; if not, leave a comment and I'll add more details.
More information:
SecurityContextPersistenceFilter Javadoc
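
The behaviour described in the answer above, as an added example that is not part of the original post: two threads share one service instance, yet each resolves its own user from the thread-local SecurityContextHolder. It needs spring-security-core on the classpath; AccountService, the user names and the manual setContext calls are assumptions standing in for a singleton bean and for the work the filter does per request.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class ContextPerThreadDemo {

    // Hypothetical stand-in for a singleton-scoped bean: one instance shared by all request threads.
    static class AccountService {
        // Unsafe pattern: a mutable per-user field on a shared instance is visible to every user.
        volatile String lastCaller;

        String currentUser() {
            // Safe: resolved from the calling thread's SecurityContext on every call.
            String name = SecurityContextHolder.getContext().getAuthentication().getName();
            lastCaller = name;
            return name;
        }
    }

    public static void main(String[] args) throws Exception {
        AccountService service = new AccountService();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (String user : new String[] {"alice", "bob"}) { // constructed sample users
            pool.submit(() -> {
                // Simulates what the filter does at the start of a request.
                SecurityContext ctx = SecurityContextHolder.createEmptyContext();
                ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                        user, "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
                SecurityContextHolder.setContext(ctx);
                try {
                    System.out.println(Thread.currentThread().getName()
                            + " sees " + service.currentUser());
                } finally {
                    // Pooled threads are reused; a leftover context would leak into the next request.
                    SecurityContextHolder.clearContext();
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("shared field holds only: " + service.lastCaller);
    }
}
```

Each thread prints its own user, while the shared lastCaller field ends up holding whichever user wrote last, which is why per-user data belongs in the SecurityContext rather than in singleton fields.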