问题描述
我在我的服务中使用异步方法(Spring 3 @Async 注释).我遇到了一个问题 - 生成的线程没有安全上下文.原因是 Spring Security 默认使用 SecurityContextHolder.MODE_THREADLOCAL 策略作为其上下文持有者.但我需要使用 SecurityContextHolder.MODE_INHERITABLETHREADLOCAL 策略.目前,我在 AuthenticationSuccessHandler 中设置了策略.但在我看来,这不是一个好习惯.
I'm using asynchronous methods in my service (Spring 3 @Async annotation). And I've got a problem - spawned thread doesn't have security context. Cause of it is Spring Security by default uses SecurityContextHolder.MODE_THREADLOCAL strategy for its context holder. But I need to use SecurityContextHolder.MODE_INHERITABLETHREADLOCAL strategy.For the moment I set up strategy in my AuthenticationSuccessHandler. But in my point of view it's not a good practice.
那么如何在上下文配置文件中进行设置?
spring security 版本为3.0.0.
So how can I set it up in context configuration file?
Version of spring security is 3.0.0.
推荐答案
您可以将环境变量 spring.security.strategy 设置为 MODE_INHERITABLETHREADLOCAL.您还可以使用一个简单的 bean,在您的 Web 应用程序启动期间调用 SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL) 并在您的上下文配置文件中初始化该值.
You can set the environment variable spring.security.strategy to MODE_INHERITABLETHREADLOCAL. You could also have a simple bean that during your web applications startup calls SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL) and initialize that value in your context configuration file.
这篇关于如何设置 Spring Security SecurityContextHolder 策略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!