I've some questions about Spring Security 3.0.5 and the SecurityContext. First of all, I'll try to conclude what I know:
- SecurityContextHolder stores SecurityContext
- Between Requests, SecurityContext is stored in HttpSession
- Begin of Request: SecurityContextHolder gets SecurityContext from HttpSession
- End of Request: SecurityContextHolder puts SecurityContext in HttpSession
- During the Request, on the server, SecurityContextHolder uses a ThreadLocal. Everywhere in the application (same request), the SecurityContext can be accessed
Now my question....
--> Two Requests: the SecurityContext-instance will be shared
How does this work? I mean, SecurityContextHolder uses a ThreadLocal for each Request. 2 Requests = 2 ThreadLocals
Each request does: getSessionAttribute (SecurityContext) from HttpSession. What happens if they work on the SecurityContext? Is the SecurityContext changed in all ThreadLocals?
As far as I know: yes (??)
How does this work? How can they work on the same instance? I mean, I really can't imagine how two different threads with two different ThreadLocals can work on the same instance?
API (ThreadLocal): This class provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable.
I mean, that's it: copy! Maybe I'm wrong and it's not possible for two threads to work on the same SecurityContext? But the Spring Security Documentation says so!
Would be great if someone could explain that to me :-) Thank you!
Each thread has its own value of ThreadLocal, but nothing prevents these values from being equal. So, in this case multiple threads would have references to the same instance of SecurityContext. Usually it's not a problem, but if you want to modify the security context, you can enable defensive copying, see SEC-356.
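Added example, not code from the question or from Spring Security: a self-contained Java program that uses a minimal Ctx class as a stand-in for SecurityContext and shows the answer's point. Two threads each put a value into the same ThreadLocal, but both values are the reference loaded from one shared session object, so a modification made in one thread is visible in the other; the copy flag stands in for the defensive copying the answer mentions (the class and method names are assumptions made for this demo).

```java
import java.util.concurrent.CountDownLatch;

// Stand-in for SecurityContext (constructed for this demo, not Spring's class)
// so the program runs without Spring on the classpath.
class Ctx {
    volatile String principal;
    Ctx(String principal) { this.principal = principal; }
}

public class SharedContextDemo {
    // One ThreadLocal; each thread gets its own slot, but a slot only holds a reference.
    static final ThreadLocal<Ctx> holder = new ThreadLocal<>();

    // Runs two "requests" that both load the same session object into their ThreadLocal.
    // With copy=false (the shared-instance case the answer describes) request B observes
    // request A's modification; with copy=true each thread works on its own copy.
    static String run(boolean copy) throws InterruptedException {
        Ctx session = new Ctx("alice");               // the HttpSession attribute, shared
        CountDownLatch modified = new CountDownLatch(1);
        String[] seenByB = new String[1];

        Thread a = new Thread(() -> {
            holder.set(copy ? new Ctx(session.principal) : session);
            holder.get().principal = "mallory";       // request A changes *its* context
            modified.countDown();
            holder.remove();                          // clear the slot, as the filter does
        });
        Thread b = new Thread(() -> {
            holder.set(copy ? new Ctx(session.principal) : session);
            try { modified.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
            seenByB[0] = holder.get().principal;      // what request B sees in *its* slot
            holder.remove();
        });
        b.start(); a.start();
        a.join(); b.join();
        return seenByB[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared instance: B sees " + run(false));
        System.out.println("defensive copy : B sees " + run(true));
    }
}
```

In the shared case the two ThreadLocal slots are distinct but hold the same Ctx reference, so B reads the principal A wrote; with the copy, B still reads the value it loaded from the session.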