Skip to content

Remove SecurityContextPersistenceFilter in Favor of Explicit Saves #9634

New issue
New issue
Open
Open
Remove SecurityContextPersistenceFilter in Favor of Explicit Saves#9634
Assignees
rwinch
Labels
in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement
Milestone
7.0.0-M1
@rwinch

Description

@rwinch
rwinch
opened on Apr 13, 2021

We should remove SecurityContextPersistenceFilter in favor of explicit saves to the SecurityContextRepository. This will provide lots of benefits:

  • There will be no confusion when the SecurityContext should be saved
  • Different types of authentication can save (or not save) the SecurityContext differently
  • This would align with how WebFlux works

We would add a new Filter that only reads the SecurityContext and sets it on SecurityContextHolder. We should also consider providing a simplified API that doesn't involve needing to update the HttpRequestResponseHolder.

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions