Home/ Questions/Q 8234569
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T18:31:30+00:00

Summary How do you get the session of a web service client using spring

  • 0

Summary

How do you get the session of a web service client using spring web services and spring security?

Details

After submitting

<form method="POST" action="<c:url value="/j_spring_security_check" />">...</form>

I’ve noticed that you can:

public class MyUserDetailsService implements UserDetailsService {}

Which will allow you to override methods like loadUserByUsername(String username) therefore being able to retrieve the submitted username and do a database lookup to return a user object.

The issue I have, however, is that I’m unsure where SecurityContextHolder gets set. I’m able to get the user object by using this line of code:

User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

But I’m not sure how it gets set in the first place. I would like to know the flow after submitting the above-mentioned form so that I can identify how SecurityContextHolder gets set.

The reason why I want to know this is because I want to use it as a “session” for web service client authentication instead of having the client resubmit credentials with every request.

Spring Version: 3.0.2.RELEASE

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    /j_spring_security_check is handled by the UsernamePasswordAuthenticationFilter which extends AbstractAuthenticationFilter. The security context is set in the latter’s successfulAuthentication method.

    However, web-service clients are usually stateless and would be more likely to use something like Basic authentication with a shared secret. I’m not sure there would be much benefit in rolling your own session system based on the security context contents. If you are worried about performance then you could use a cache of authentication information on the server.

    • 0