java – Spring Security如何在跨Web应用程序请求的线程中管理SecurityContext?

SpringSecurity中,它有一个类名SecurityContextHolder及其规范:’将给定的SecurityContext与当前执行线程关联.’使用Web应用程序每当请求到达服务器时,Spring还重新加载并在SecurityContextHolder中为其线程设置该请求的SecurityContext?
最佳答案
是的,SecurityContextPersistenceFilter负责这一点.默认情况下,它会在HttpSession中找到SecurityContext,并通过SecurityContextHolder将其绑定到线程.当请求完成处理时,它会反过来 – 它从线程获取SecurityContext并将其放入会话中.

来自Javadoc:

Populates the SecurityContextHolder with information obtained from the
configured SecurityContextRepository prior to the request and stores
it back in the repository once the request has completed and clearing
the context holder. By default it uses an
HttpSessionSecurityContextRepository.

转载注明原文:java – Spring Security如何在跨Web应用程序请求的线程中管理SecurityContext? - 代码日志