- Create in HttpServletRequest and Spring Security

  • I can't seem to find a way to create in the HttpServletRequest - who is responsible? How it's done? Does it have to be stored in the session?

  • How does it relate to Spring security?

  • Are there any alternatives to Spring Security that uses the Principal to authorize / authenticate the user?

  • How do I implement my own user authorization / authentication so that Principal contains the current user?


source to share

2 answers

  • usually, the main object placing the session after a successful login. See documentation .
  • Sprinter Authentication

    interface extends interfacePrincipal

  • Alternatively, you can use Apache Shiro
  • Implement your own UserDetailsService

    , which will return a User object (it must implement the UserDetails interface). See docs .



The principal will be set to Spring Security based on your Spring Security configuration.

To implement this see



All Articles