• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Spring security : Preauthentication

 
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Consider a webapp that has been pre-authenticated by an external system, and the authenticated user id is send via request headers. A UserService is invoked to load a custom UserDetails object from the app database. Want to know if the UserService will be invoked every time a request hits the application or only when SecurityContext doesn't have an Authentication object. Won't it be a performance hit if the UserService is called every time the request is passed via filters.
 
ranger
Posts: 17347
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Only the first time to "login. Once that is done the Authentication object is in the SecurityContext, and the ServletFilter that was responsible for doing that has done its job and won't need to do it again, and therefore do nothing more.

Mark
 
reply
    Bookmark Topic Watch Topic
  • New Topic