Yes. Spring Security Security Context is stored as a value inside your session. Therefore, if your session is replicated, the security context will be the same, so it does not matter what kind of working action your authenticated user gets into.
Of course, session replication is not instantaneous, so itβs possible that if your user authenticated just before the server went down, the fault tolerance server might not be able to get the replicated context. But if they authenticated and continued to do a bunch of things, and then the server failed, the security context would have been replicated, and the user session should have picked up where it left off on the new fault tolerance server.
This will be slightly different from tomcat vs jboss vs weblogic, so you really need to check to make sure your specific use case is closed.
nont
source share