Reputation: 323
Java Spring is not clear about what should one expect from getDetails of SecurityContext
How would I know for sure what the following line would return today and in future versions of Spring? I didn't find documentation about this. How can I know for sure what would Spring decide to assign to this field?
SecurityContextHolder.getContext().getAuthentication().getDetails()
According to this you can expect the Spanish Inquisition
Upvotes: 0
Views: 812
Answers (3)
Reputation: 49616
Expect null unless you put something there.
It depends only on the chosen implementation and your actions. You provide this information, not Spring. Spring just made a field to keep additional data related to an authentication instance and allowed you to set everything you want to.
EDIT:
There is one subclass of the Authentication - the AbstractAuthenticationToken which defines the getDetails() and neither of its known implementing classes overrides this method. It implies that the setDetails is one way to change these details externally. Therefore, all the work is moved to a mechanism which fills an authentication (e.g. AuthenticationManager) which normally is controlled by you.
Upvotes: 5
Reputation: 113
That's the way we use details object
public class CustomAuthentication implements Authentication {
private Object details;
@Override
public Object getDetails(){
return details;
}
/** Sets the details */
public void setDetails(Object details){
this.details = details;`enter code here`
}}
You can see that, Spring just support getDetails() function, we can set anything to this object, and getDetails() will return exactly that data.
Upvotes: 0
Reputation: 437
Java Spring is not clear about what should one expect from getDetails of SecurityContext
We cannot say this, because I think Spring developers has given this choice to the security provider implementation.
If you have custom implementation, your security provider has to use one of AbstractAuthenticationToken. As part of AbstractAuthenticationToken you can set the details. AbstractAuthenticationToken.setDetails(details);
For Example, I use CAS(Central Authentication Service). CAS uses UsernamePasswordAuthenticationToken and set the details with DefaultServiceAuthenticationDetails
Which consists below details:
Details: org.springframework.security.cas.web.authentication.DefaultServiceAuthenticationDetails@950d14e5: RemoteIpAddress: xxx.xx.xx.xxx; SessionId: A0A0A0A0BB1B1B1B1ServiceUrl: https://local.example.com/test_application/j_spring_cas_security_check
Upvotes: 3
Related Questions
- Isn't SecurityContextHolder a Bean?
- Spring security context is not updated on AuthenticationManager.authenticate
- Spring security context manual authentication giving strange results
- Spring security use wrong security context when there are two of them
- Spring SecurityContext returning null authentication on error pages
- SecurityContextHolder.getContext().getAuthentication() returns String
- When SecurityContextHolder.setContext() is invoked?
- security util using SecurityContextHolder in spring application
- Getting empty or null SecurityContextHolder.getContext().getAuthentication()
- Unable to retrieve security context from within Spring-Jersey