For authenticated users I have one endpoint exposed that updates the security context. The method has this code:
```java
// Custom principal that carries the session DTO
// (constructor and getUser/setUser accessors are not shown in the post).
public class LocalUser extends org.springframework.security.core.userdetails.User {
    private UserSessionDto user;
}

@UtilityClass
public class LoginUserUtils {
    // Replaces the Authentication in the current SecurityContext with one
    // that holds the updated user and the given authorities.
    public static void updateUser(UserSessionDto user, Collection<GrantedAuthority> authorities) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        LocalUser localUser = (LocalUser) principal;
        localUser.setUser(user);
        Authentication newAuth = new UsernamePasswordAuthenticationToken(localUser,
                auth.getCredentials(),
                authorities);
        SecurityContextHolder.getContext().setAuthentication(newAuth);
    }
}
```

```java
// Called by the endpoint: stores the new filter config on the principal's user
// and then refreshes the Authentication.
public void setGlobalFilterConfig(GlobalFilterDto globalFilterDto) {
    SecurityContext context = SecurityContextHolder.getContext();
    LocalUser localUser = (LocalUser) context.getAuthentication().getPrincipal();
    Collection<GrantedAuthority> authorities = localUser.getAuthorities();
    localUser.getUser().setGlobalFilterDto(globalFilterDto);
    LoginUserUtils.updateUser(localUser.getUser(), authorities);
}
```
The problem here is that when this API is called all alone, it updates as expected, but when this API is called together with other APIs, it does not update the context.

I am using Spring Security 6.2.3 with Redis as the session store. The same code was working when I was on Spring Security 5.x.x.

The same behaviour is also seen when I log out the user using:
```java
private static final SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();

private void invalidateSession(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    logoutHandler.logout(request, response, authentication);
}
```
I have attempted saving the context manually by using
org.springframework.security.web.context.SecurityContextRepository.saveContext()
which also has the same issue.

I even changed the FLUSH_MODE to IMMEDIATE from on save; that also did not help.
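
For reference, an explicit save of a replaced context in Spring Security 6 can look like the following; this is an added example, not code from the post. The class `SecurityContextUpdater` and its method `replaceAuthentication` are hypothetical, and the repository shown assumes the framework default; an application that configures its own `SecurityContextRepository` on the filter chain would need to use that same instance.

```java
import java.util.Collection;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.DelegatingSecurityContextRepository;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical helper, not part of the original post.
public class SecurityContextUpdater {

    // Assumption: mirrors the default repository of Spring Security 6
    // (request attribute + HTTP session, the latter backed by Spring Session/Redis).
    private final SecurityContextRepository repository =
            new DelegatingSecurityContextRepository(
                    new RequestAttributeSecurityContextRepository(),
                    new HttpSessionSecurityContextRepository());

    public void replaceAuthentication(Object principal,
                                      Collection<? extends GrantedAuthority> authorities,
                                      HttpServletRequest request,
                                      HttpServletResponse response) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            throw new IllegalStateException("No authenticated user in the current context");
        }
        UsernamePasswordAuthenticationToken updated =
                UsernamePasswordAuthenticationToken.authenticated(
                        principal, current.getCredentials(), authorities);
        updated.setDetails(current.getDetails()); // keep remote address / session id details

        // Build a fresh context instead of mutating the shared one, so threads
        // serving other requests of the same session never see a half-updated object.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(updated);
        SecurityContextHolder.setContext(context);

        // Spring Security 6 no longer writes the context back to the session at the
        // end of the request; it is persisted only by this explicit call.
        repository.saveContext(context, request, response);
    }
}
```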