Refer to Luke Taylor for Best Practice for Getting Active User-Defined UserDetails? to justify the design, to create a custom interface for performing such operations when saving, your code is disconnected from Spring Security. For example, you can write an interface called MyAuthenticator and write an implementation and enter it into your application.
In addition, if your Spring security filters are standard, you do not need to access the HttpSession object. Frame filters take care of this. You should simply write the following in your implementation:
UserDetails userDetails = userDetailsServiceImpl.loadUserByUsername(email); Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(authentication);
I would not recommend using "SPRING_SECURITY_CONTEXT" ( HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY ), as it may change in future versions of the framework.
Ritesh
source share