Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove SecurityContextPersistenceFilter in Favor of Explicit Saves #9634

Open
rwinch opened this issue Apr 13, 2021 · 1 comment
Open

Remove SecurityContextPersistenceFilter in Favor of Explicit Saves #9634

rwinch opened this issue Apr 13, 2021 · 1 comment
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Milestone
7.0.0-M1

Comments

@rwinch
Copy link
Member

rwinch commented Apr 13, 2021

We should remove SecurityContextPersistenceFilter in favor of explicit saves to the SecurityContextRepository. This will provide lots of benefits:

  • There will be no confusion when the SecurityContext should be saved
  • Different types of authentication can save (or not save) the SecurityContext differently
  • This would align with how WebFlux works

We would add a new Filter that only reads the SecurityContext and sets it on SecurityContextHolder. We should also consider providing a simplified API that doesn't involve needing to update the HttpRequestResponseHolder.
@rwinch rwinch added the type: enhancement A general enhancement label Apr 13, 2021
@rwinch rwinch added this to the 6.x milestone Apr 13, 2021
@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release labels Apr 13, 2021
This was referenced Apr 13, 2021
Closed
Closed
@jzheaux jzheaux mentioned this issue May 21, 2021
Closed
@rwinch rwinch modified the milestones: 6.0.x, 6.0.0-M4 Mar 25, 2022
@sjohnr sjohnr modified the milestones: 6.0.0-M4, 6.0.0-M5, 6.0.0-M6 May 16, 2022
@rwinch rwinch self-assigned this Jun 14, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.0-M6, 6.0.0-M7 Jul 15, 2022
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.0-M7, 6.0.0-RC1 Sep 16, 2022
@rwinch rwinch moved this to In Progress in Spring Security Team Sep 20, 2022
@rwinch rwinch modified the milestones: 6.0.0-RC1, 7.0.0-M1 Oct 4, 2022
@rwinch
Copy link
Member Author

rwinch commented Oct 4, 2022

The defaults have been changed, but we will keep this around till Security 7.0.0-M1 to allow for reverting to the previous behavior for now.

@rwinch rwinch removed the status in Spring Security Team Oct 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-M1
Development

No branches or pull requests
3 participants
@rwinch @sjohnr @marcusdacoregio