balteo
Reputation: 24659
What are the implications of a JPA entity implementing Spring Security UserDetails?
I have a JPA entity called Member. I would like for this entity to implement Spring Security UserDetails and implement a custom JPA-based UserService.
Before doing so, I have a few points of concern that I would like to sort:
- The
Memberentity has got quite a few properties. Can the fact thatMembernow implementsUserDetailsand is therefore stored into HttpSession (seeHttpSessionSecurityContextRepository) impact session usage significantly? - Can I retrieve the currently logged in
Memberby just calling:SecurityContextHolder.getContext().getAuthentication().getPrincipal();and expect all its properties to remain synchronized properly when they are updated elsewhere?
Upvotes: 2
Views: 662
Answers (1)
NimChimpsky
Reputation: 47280
impact session usage significantly?
No.
expect all its properties to remain synchronized properly when they are updated elsewhere?
No, you'll have to manage that yourself ..., ie when you update it somewhere, make sure you also update the instance in memory :
Member member = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
member.setYourField(yourValue); //
Upvotes: 2
Related Questions
- User Roles Spring Data Rest Spring security
- Spring Security use custom UserDetailsService to store custom User object
- Persist org.springframework.security.core.userdetails.User or UserDetails
- Spring's UserDetailsService
- Spring Security + JPA user schema
- Spring Security Custom UserDetailsService with Hibernate
- Spring security and UserDetailsService
- Spring Security custom UserDetailsService and custom User class
- Spring Security: custom userdetails
- Spring Security: do UserDetails and UserDetailsService exist in every kind of application which uses Spring Security?