authentication - Is a SecurityContext shared between requests when using Spring Security? -

-

i'm seeing strange behaviour when using stateless token-based authentication on rest api written using spring boot.

the client includes jwt token each request, , custom filter i've written extends genericfilterbean adds authentication object based on claims in token security context using following :

securitycontextholder.getcontext().setauthentication(authentication);

and clears context after processing request doing :

securitycontextholder.getcontext().setauthentication(null);

however when simple app i've developed performs range of operations, see security context isn't being set correctly - it's null request has supplied token. filter being called correctly, setauthencation() being called, request fails authentication, , throws 403 denied.

if explicitly turn off http session management setting session creation policy stateless, behaviour stops.

any ideas happening here? security context being shared between threads dealing requests in way?

it seems context can shared, according official documentation here : http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html

in application receives concurrent requests in single session, same securitycontext instance shared between threads. though threadlocal being used, same instance retrieved httpsession each thread. has implications if wish temporarily change context under thread running. if use securitycontextholder.getcontext(), , call setauthentication(anauthentication) on returned context object, authentication object change in concurrent threads share same securitycontext instance. can customize behaviour of securitycontextpersistencefilter create new securitycontext each request, preventing changes in 1 thread affecting another. alternatively can create new instance @ point temporarily change context. method securitycontextholder.createemptycontext() returns new context instance.


Comments

Post a Comment

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

-
i'm running nodejs 0.12.3 - gulp 3.10.8 , gulp-nodemon 2.0.3. gulpfile.js : gulp.task('serve', ['build'], function() { gulp.start('fb-flo'); nodemon({ script: paths.server, env: { 'node_env': 'development' }, // env: { 'node_env': 'production' }, execmap: { 'js': 'node_modules/babel/bin/babel-node --stage 1' //es7 cote server }, delay: '0ms', watch: ['src/shared/', 'src/server/'], ignore: ['src/shared/components'], tasks: function (changedfiles) { var tasks = []; changedfiles.foreach(function (file) { if (path.extname(file) === '.jsx' && !~tasks.indexof('bundlejs')) tasks.push('bundlejs'); if (path.extname(file) === '.less' && !~tasks.indexof('compileless')) tasks.push('compileless'); }); return tasks; } ...
Read more

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

-
i trying make simple python program opening list of webpages user manually download reports site. don't have previous experience preparing exe files.. , i'm in learning process python coding. of done on windows 7 x64 this python code: #!c:/python34/python.exe -u splinter import * import time import os import csv #---------------------------------- raporty = [] open('../raporty.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') raporty.append(r) #--not implemented yet zmienne = [] open('../zmienne.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') zmienne.append(r) print("start") browser = browser(...
Read more

javascript - oscilloscope of speaker input stops rendering after a few seconds -

-
the following script reads audio user's microphone , renders oscilloscope on html canvas. the source taken example of mozilla developer network: visualizations web audio api and here fiddle: http://jsfiddle.net/b7j8pktp/ mozgetusermedia (note: code has no fork mechanism different browsers: works firefox) it works fine few seconds , stops rendering. whereas works totally stable: http://mdn.github.io/voice-change-o-matic/ the problem can reduced following code. microphone activation icon (next the address bar in firefox) disappears after 5 seconds: navigator.mozgetusermedia({audio: true}, function() {}, function() {} ); ( http://jsfiddle.net/b7j8pktp/2/ ) this known bug in firefox. take stream getusermedia call , hook window so: navigator.mozgetusermedia({audio: true}, function(stream) { window.stream = stream; // rest of code }, function err() { // handle error }); hopefully can fixed soon. problem we're f...
Read more