A mechanism to reloading principal #3849
Comments
You would need to provide a custom
Don't you think that this should be included in Spring Security?
@cemo I'm not sure I agree it needs to be in Spring Security, but should be in Spring. Spring Session provides a good way of doing this.
@rwinch I will be glad if you can expand a little bit on your statement. What should the approach be exactly?
You can access the session and update the attribute to the updated principal.
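One way to do what the comment above describes for every stored session of a user, for example from a cron job. This is an added example, not code from this thread or from Spring Security. It assumes Spring Session 2.x or later with a `FindByIndexNameSessionRepository` and the default session attribute key; `PrincipalReloader` is a hypothetical name.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;

// Hypothetical helper (not part of Spring): refreshes the principal stored in
// every session a user owns, so role changes apply without a new login.
public class PrincipalReloader<S extends Session> {
    private static final String KEY =
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;
    private final FindByIndexNameSessionRepository<S> sessions;
    private final UserDetailsService users;

    public PrincipalReloader(FindByIndexNameSessionRepository<S> sessions,
                             UserDetailsService users) {
        this.sessions = sessions;
        this.users = users;
    }

    /** Returns how many sessions were rewritten or, for a blocked account, deleted. */
    public int reload(String username) {
        UserDetails fresh = users.loadUserByUsername(username);
        boolean usable = fresh.isEnabled() && fresh.isAccountNonLocked();
        int touched = 0;
        for (S session : sessions.findByPrincipalName(username).values()) {
            SecurityContext stored = session.getAttribute(KEY);
            Authentication old = stored == null ? null : stored.getAuthentication();
            if (!usable) {                       // disabled or locked: end the session
                sessions.deleteById(session.getId());
                touched++;
            } else if (old instanceof UsernamePasswordAuthenticationToken) {
                // Rebuild the token with the current authorities; other token
                // types need their own rebuild logic and are left untouched.
                UsernamePasswordAuthenticationToken renewed =
                        new UsernamePasswordAuthenticationToken(
                                fresh, old.getCredentials(), fresh.getAuthorities());
                renewed.setDetails(old.getDetails());
                session.setAttribute(KEY, new SecurityContextImpl(renewed));
                sessions.save(session);
                touched++;
            }
        }
        return touched;
    }
}
```

The rewritten context takes effect on the next request that loads it from the session; a request already in flight keeps the authorities it started with.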
I was considering an abstraction to mark the user security context dirty by either a session or another approach and then reload it at the first request. How does it sound? Is it worth being included in Spring Security Core?
How do you mark it as dirty? How do you reload the context?
@rwinch This issue actually prevents our use of Spring Security. We have done workarounds in the past, but it becomes very unwieldy to work around if you use any other AuthenticationTokens besides the UsernamePasswordAuthenticationToken. There really needs to be a way to reload the principal in an AuthenticationToken type agnostic way. A solution would be to let the user details and authorities be lazy loaded, or delegated. The issue now is that Authorities are copied at login to the AuthenticationToken so it is impossible to delegate access to those authorities to a database lookup.
The issue mentioned by @lglapinski (and #849 plus several others linked there) all relate to Redis sessions. @rwinch would a
be the way to go - and if so, can I just override And if I have done so and instantiated it in my
You need to explicitly configure the repository
You can find a complete sample here https://github.com/rwinch/spring-security-sample/tree/gh-3849
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
What are the best practices to reload the principal inside and outside (a cron application) of the application? This is a question originating from spring-projects/spring-session#398 (comment) and we have the same problem. We have some workarounds to mitigate the problem but it would be awesome to have a solution in the first place.