WEB/Security

Lesson 8 - The Security Context

Tony Lim 2022. 5. 6. 10:47
728x90

after 

1. username and password login -> get generated otp and store in db

2. username and otp login -> get gernerate token and store in memeory 

with token -> any request beside "/login" go through tokenFilter we made
and therefore spring inject Authentication instance from SecurityContext 

 

by using Async thread that set authentication in securitycontext and thread that execute Hello method is different now -> nohting in securitycontext in hello exectuting thread

 

3 way for SecurityContextHolder mode

MODE_THREADLOCAL = default mode , securitycontext is inside in threadLocal.
- also can be work by wrapping runnable with DelegatingSecurityContextRunnable even with different thread execution

MODE_INHERITABLETHREADLOCAL = securitycontext get copied to new thread which is child thread by using InheritableThreadLocal (jdk)

MODE_GLOBAL = 

we can set in @Configuration class and change securityContextHolder mode

+ SYSTEM_PROPERTY == spring.security.strategy 

 

 

 

728x90