
Annotate Authentication classes as transient #5481


Closed
jzheaux opened this issue Jul 3, 2018 · 0 comments
jzheaux commented Jul 3, 2018

Spring Security can be configured as STATELESS, which prevents Authentication tokens from being persisted across the board.

Introducing an annotation would make it so that specific Authentication types could be considered stateless without needing to mark the entire application as stateless:

```java
@TransientAuthentication
public class MyTransientAuthenticationToken implements Authentication {
    // ...
}
```

With the above marker, HttpSessionSecurityContextRepository would ignore this token instead of storing it in the session.

Ensure that this annotation works as a meta-annotation as well as an inherited annotation.

@jzheaux jzheaux added this to the 5.1.0.M2 milestone Jul 3, 2018
@jzheaux jzheaux self-assigned this Jul 3, 2018
jzheaux added a commit to jzheaux/spring-security that referenced this issue Jul 13, 2018
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: spring-projectsgh-5481
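
The check a SecurityContextRepository could make before persisting a token, as an added example that is not part of the issue or of Spring Security's code. It uses only the JDK: the annotation, the `Authentication` interface, the token classes, `@ApiKeyAuthentication`, `isTransient` and `saveContext` are all stand-ins defined here as assumptions, and together they cover the direct, inherited and meta-annotation cases the issue asks for.

```java
import java.lang.annotation.*;
import java.util.*;

public class TransientTokenDemo {
    // Stand-in for the annotation proposed in the issue; @Inherited covers subclasses.
    @Retention(RetentionPolicy.RUNTIME) @Inherited
    @Target({ElementType.TYPE, ElementType.ANNOTATION_TYPE})
    @interface TransientAuthentication {}

    // Hypothetical composed annotation, to exercise the meta-annotation case.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @TransientAuthentication
    @interface ApiKeyAuthentication {}

    interface Authentication { String getName(); }  // minimal stand-in, not Spring's interface

    @TransientAuthentication
    static class BearerToken implements Authentication { public String getName() { return "bearer"; } }
    static class OpaqueBearerToken extends BearerToken {}  // marker arrives via @Inherited
    @ApiKeyAuthentication
    static class ApiKeyToken implements Authentication { public String getName() { return "api-key"; } }
    static class FormLoginToken implements Authentication { public String getName() { return "form"; } }

    // True if the type carries the marker directly, via a superclass, or via a meta-annotation.
    static boolean isTransient(Class<?> type) {
        return hasMarker(type.getAnnotations(), new HashSet<>());
    }

    private static boolean hasMarker(Annotation[] annotations, Set<Class<?>> seen) {
        for (Annotation a : annotations) {
            Class<? extends Annotation> t = a.annotationType();
            if (t == TransientAuthentication.class) return true;
            // 'seen' stops cycles: JDK meta-annotations such as @Documented annotate themselves
            if (seen.add(t) && hasMarker(t.getAnnotations(), seen)) return true;
        }
        return false;
    }

    // Hypothetical repository step: only non-transient tokens reach the session map.
    static void saveContext(Authentication auth, Map<String, Object> session) {
        if (auth == null || isTransient(auth.getClass())) return;
        session.put("SECURITY_CONTEXT", auth);
    }

    public static void main(String[] args) {
        for (Authentication a : List.<Authentication>of(new BearerToken(),
                new OpaqueBearerToken(), new ApiKeyToken(), new FormLoginToken())) {
            Map<String, Object> session = new HashMap<>();
            saveContext(a, session);
            System.out.println(a.getClass().getSimpleName() + " stored=" + !session.isEmpty());
        }
    }
}
```

Because the composed `@ApiKeyAuthentication` is not itself `@Inherited`, a subclass of `ApiKeyToken` would not be detected by this check; a custom repository that relies on composed annotations should test that case explicitly.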
@rwinch rwinch closed this as completed in 3c46727 Jul 16, 2018
rwinch added a commit that referenced this issue Jul 16, 2018
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @transient vs creating a new annotation.

Issue: gh-5481
@rwinch rwinch added the type: enhancement A general enhancement label May 3, 2019