PayloadValidatingInterceptor error not clearing SecurityContextHolder

  • PayloadValidatingInterceptor error not clearing SecurityContextHolder

    Hi All,

    I am using PayloadValidatingInterceptor for validating request and response.
    When the response validation fails, it's returning the response message.

    But it's not clearing SecurityContextHolder.

    When I call SecurityContextHolder.getContext().getAuthentication().getPrincipal(), it's returning the previous authenticated user.


  • #2
    PayloadValidatingInterceptor validates whether the payload has a valid structure against a provided schema. Why should this clear the security context?
    PayloadValidatingInterceptor is totally independent from other interceptors that you might be using (i.e. security interceptors) and doesn't interfere with their work, that is, unless the payload is invalid, in which case the processing chain stops.
    If you prefer not to authenticate a user who sends an invalid payload, you can consider positioning the PayloadValidatingInterceptor before your security interceptor.


    • #3
      Thanks for your reply, Tarek.

      I have the Validation Interceptor first and the SecurityInterceptor later in the sequence. This error is not due to request errors.

      When the response has validation errors, somehow SecurityContextHolder has the previous authenticated user's information.

      When there are NO response validation errors, SecurityContextHolder is clean.

      I am guessing that when PayloadValidatingInterceptor has errors, this is causing the thread local not to be cleaned up?

      Once the request is complete, all thread context should be nulled out and the thread given back to the pool. It does that when there are no response validation errors but doesn't do that when there are response validation errors. I tried to debug the code, all the way to MessageDispatcherServlet, but didn't find any clue.
      Last edited by harshi; May 1st, 2011, 09:34 AM.
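
The symptom described in post #3, modeled as an added example (not code from this thread or from Spring-WS). A plain `ThreadLocal` stands in for `SecurityContextHolder`, a one-thread pool stands in for the container's worker pool, and the hypothetical `leakyHandle`/`safeHandle` chains are assumptions about where the cleanup step sits; the point is that cleanup placed in `finally` runs even when response validation aborts the chain.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Constructed model, not Spring-WS code: CONTEXT stands in for the thread-local
// behind SecurityContextHolder; a one-thread pool stands in for the container.
public class StaleContextDemo {
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Hypothetical chain: authenticate, run endpoint, validate response, clean up.
    // An invalid response aborts the chain before the cleanup step is reached.
    static String leakyHandle(String user, boolean responseValid) {
        CONTEXT.set(user);                              // security step, request side
        if (!responseValid) return "validation fault";  // cleanup below is skipped
        CONTEXT.remove();                               // security step, response side
        return "ok";
    }

    // Same chain, but cleanup sits in finally so it runs on every exit path.
    static String safeHandle(String user, boolean responseValid) {
        try {
            CONTEXT.set(user);
            return responseValid ? "ok" : "validation fault";
        } finally {
            CONTEXT.remove();
        }
    }

    // What the next request on the same pooled thread sees before it authenticates.
    static String principalSeenByNextRequest(ExecutorService pool) throws Exception {
        return pool.submit(() -> CONTEXT.get()).get();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            pool.submit(() -> leakyHandle("alice", false)).get();
            System.out.println("leaky chain, next request sees: " + principalSeenByNextRequest(pool));
            pool.submit(() -> CONTEXT.remove()).get();  // reset between the two runs
            pool.submit(() -> safeHandle("alice", false)).get();
            System.out.println("safe chain, next request sees:  " + principalSeenByNextRequest(pool));
        } finally {
            pool.shutdown();
        }
    }
}
```
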


      • #4
        Ok. I see what you mean. Can you please open a JIRA and attach the configuration you are using?


        • #5
          Thank you. I will create a JIRA issue


          • #6
            Here is the JIRA issue



            • #7
              Hi Arjen,

              Can you please look at my JIRA issue? This is causing an issue in production.

              I have added comments.