after
1. username and password login -> get generated OTP and store it in the DB
2. username and OTP login -> get generated token and store it in memory
with token -> any request besides "/login" goes through the tokenFilter we made
and therefore Spring injects the Authentication instance from the SecurityContext
with Async, the thread that sets the authentication in the SecurityContext and the thread that executes the Hello method are now different -> nothing in the SecurityContext on the thread executing hello
3 modes for SecurityContextHolder
MODE_THREADLOCAL = default mode; the SecurityContext is stored in a ThreadLocal.
- can also work across different threads by wrapping the Runnable with DelegatingSecurityContextRunnable
MODE_INHERITABLETHREADLOCAL = the SecurityContext gets copied to a new child thread by using InheritableThreadLocal (JDK)
MODE_GLOBAL =
we can change the SecurityContextHolder mode in a @Configuration class
+ SYSTEM_PROPERTY == spring.security.strategy
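The thread behaviour noted above, as an added example (not code from the original post): it reads the Authentication from a new thread under the default mode, with and without DelegatingSecurityContextRunnable, and again after switching to MODE_INHERITABLETHREADLOCAL. It assumes spring-security-core on the classpath; the class name, helper methods and the user "alice" are constructed for illustration.

```java
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class ContextPropagationDemo {

    // Runs a task on a brand-new thread and returns the principal name that thread sees (null if none).
    static String nameSeenOnNewThread(boolean wrap) throws InterruptedException {
        AtomicReference<String> seen = new AtomicReference<>();
        Runnable task = () -> {
            Authentication a = SecurityContextHolder.getContext().getAuthentication();
            seen.set(a == null ? null : a.getName());
        };
        // The wrapper captures the caller's SecurityContext here, on the calling thread,
        // installs it on the worker before run() and clears it afterwards.
        Thread t = new Thread(wrap ? new DelegatingSecurityContextRunnable(task) : task);
        t.start();
        t.join();
        return seen.get();
    }

    // Stand-in for what the token filter does after validating a token (constructed user).
    static void authenticateCurrentThread() {
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(ctx);
    }

    public static void main(String[] args) throws InterruptedException {
        authenticateCurrentThread(); // default strategy: MODE_THREADLOCAL
        System.out.println("threadlocal, plain:   " + nameSeenOnNewThread(false));
        System.out.println("threadlocal, wrapped: " + nameSeenOnNewThread(true));

        // Switching the strategy re-initializes the holder, so authenticate again afterwards.
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
        authenticateCurrentThread();
        System.out.println("inheritable, plain:   " + nameSeenOnNewThread(false));
        SecurityContextHolder.clearContext();
    }
}
```

InheritableThreadLocal hands the context over only when a thread is created, so a pooled thread keeps whatever context it inherited at creation; for executors, wrapping each task is the safer choice.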