Announcement Announcement Module
No announcement yet.
Spring SecurityContext in Clustered Environment Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring SecurityContext in Clustered Environment

    We use Spring security 3 in our Application and we get current user details as follows.

    public static SessionUser currentUserDetails() {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    if (authentication != null) {
    Object principal = authentication.getPrincipal();
    return principal instanceof UserDetails ? (SessionUser) principal
    : null;
    return null;

    Now, we are planning to move this App to a clustered environment. Will there be any code change?
    We are wondering if there is any change in the code for clustered environment?

    Any help on this will be appreciated?


  • #2
    There should be no changes required for Spring Security. You will want to ensure your Web Application is properly configured for a cluster (i.e. session replication, sticky sessions, etc). The exact setup will vary by container, but in short the HttpSession will need to be available to any box the user can be routed to. Of course if you want you can write your own SecurityContextRepository if you like. However, anything you come up with is likely going to be more complex and more work than setting up your application to use the HttpSession properly.