Vojtěch
Reputation: 12416
java.security.Principal - creation in HttpServletRequest and Spring Security
I am unable to find how the java.security.Principal in HttpServletRequest is created - who is responsible? How it is done? Is it necessarily kept in Session?
How it is connected to Spring Security?
Are there any alternatives to Spring Security which uses Principal for User authorization/authentication?
How would one implement own user authorization/authentication so that Principal would contain the current user?
Upvotes: 4
Views: 7580
Answers (2)
vacuum
Reputation: 2273
- typically, Principal object putting in the session after successful login.See documentation.
- Springs
Authenticationinterface extendsPrincipalinterface - Alternatively you can use Apache Shiro
- Implement own
UserDetailsServicewhich wil return your User object(it must implement UserDetails interface) See docs.
Upvotes: 5
Peter Cetinski
Reputation: 2336
The Principal will be set by Spring Security based upon your Spring Security configuration.
To implement this, please see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity.html
Upvotes: -1
Related Questions
- Get access to HttpServletRequest within a custom AuthenticationProvider
- Spring Security @AuthenticationPrincipal
- How can I access the HttpServletRequest object during user authentication in Spring Security?
- Spring security requests authorization
- Authorization and Authentication with Spring Security
- Authorization using Spring Security
- Some information about the Java HttpServletRequest and Principal object
- Authenticating with Spring Security
- Get Spring Principal User From HTTPSession From a Servlet
- Spring security accessing principal