Once a开发者_JAVA技巧 user is authenticated I have an Object userID.
Where is the "best" place to store this in Spring using Spring-Security (this is a webapp)?
- Session seems inelegant, because then I have two locations managing authentication (I need special code to manage removing the sesion object when the user is logged out for whatever reason)
- The currentContext.getAutentication().getDetails(...) seems complicated because it is seems to generate the details object per request
There are many options, but the best seems to be somewhere close to the Spring-Security authentication mechanism.
I am not sure about the question. You don't have to store it. The are multiple ways to get it.
- SecurtiryContextHolder if you need the UserDetails object
- request.getRemoteUser() if you need only the loginId
I don't belive that the authentication details are created for each request. I belive they are created once per authentication.
I believe it strongly depends on the way you use the userID.
For example: if you need the userID deep within you business service layer, and the business server layer is implemented nothing to know about web application stuff (Session, ...) up to now, then it would be wise not to use a HttpSession, to keep it "web stuff free".
BTW: A third approach way you can taken in account, is to use a session scope bean.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论