GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.0.x'

pull/13178/head
Josh Cummings 3 years ago
parent
d194e2a725 1b4b91a35c
commit
810e57686e
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 9 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      docs/modules/ROOT/pages/servlet/authentication/persistence.adoc

15
docs/modules/ROOT/pages/servlet/authentication/persistence.adoc
Unescape View File

@ -192,9 +192,11 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextPe @@ -192,9 +192,11 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextPe
image::{figures}/securitycontextpersistencefilter.png[]
<1> Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
<2> Next, the application is ran.
<3> Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
image:{icondir}/number_2.png[] Next, the application is ran.
image:{icondir}/number_3.png[] Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`.
This means that when using `SecurityContextPersistenceFilter`, just setting the `SecurityContextHolder` will ensure that the `SecurityContext` is persisted using `SecurityContextRepository`.
In some cases a response is committed and written to the client before the `SecurityContextPersisteneFilter` method completes.
@ -211,11 +213,12 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextHo @@ -211,11 +213,12 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextHo
image::{figures}/securitycontextholderfilter.png[]
<1> Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
<2> Next, the application is ran.
image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`.
image:{icondir}/number_2.png[] Next, the application is ran.
Unlike, xref:servlet/authentication/persistence.adoc#securitycontextpersistencefilter[`SecurityContextPersistenceFilter`], `SecurityContextHolderFilter` only loads the `SecurityContext` it does not save the `SecurityContext`.
This means that when using `SecurityContextHolderFilter`, it is required that the `SecurityContext` is explicitly saved.
include::partial$servlet/architecture/security-context-explicit.adoc[]
include::partial$servlet/architecture/security-context-explicit.adoc[]

Write Preview
Loading…
Cancel
Save