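Spring Security + thread pool: if two requests both run on the same thread, will the later request reuse the saved authorization information, the authenticationToken?
The source code uses ThreadLocal.
For example: request 1 runs on thread 1 and saves the authenticationToken; after the request finishes, the thread sits idle for a while and is then used by request 2. Is the authenticationToken that request 2 uses the one from thread 1? Does Spring Security provide a way to clear the authenticationToken saved in the thread once a request has finished?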
```java
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException
{
    // Resolve the logged-in user from the request via the project's token service.
    LoginUser loginUser = tokenService.getLoginUser(request);
    // Populate the context only when a user was resolved and no Authentication is set yet.
    if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication()))
    {
        tokenService.verifyToken(loginUser);
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        // Stored through SecurityContextHolder, i.e. bound to the current thread.
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
    }
    chain.doFilter(request, response);
}
```
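The scenario in the question can be reproduced outside a servlet container. This is an added example, not code from the original post or from Spring Security: it runs two simulated requests on a single pooled thread with the same "set only if empty" guard as the filter, once without cleanup and once with `SecurityContextHolder.clearContext()` in a `finally` block. It assumes spring-security-core on the classpath and the default thread-local holder strategy; the class, method and user names are hypothetical.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

// Added illustration; class, method and user names are hypothetical.
public class PooledThreadContextDemo {

    // Runs one simulated "request" on the pool and reports which principal was
    // already bound to the worker thread on entry and which one the request ran as.
    static String handle(ExecutorService pool, String user, boolean clearAfter) throws Exception {
        return pool.submit(() -> {
            Authentication onEntry = SecurityContextHolder.getContext().getAuthentication();
            try {
                if (onEntry == null) { // same "only if empty" guard as the filter
                    SecurityContextHolder.getContext().setAuthentication(
                            new UsernamePasswordAuthenticationToken(user, null, AuthorityUtils.NO_AUTHORITIES));
                }
                String ranAs = SecurityContextHolder.getContext().getAuthentication().getName();
                return "requested=" + user
                        + " onEntry=" + (onEntry == null ? "none" : onEntry.getName())
                        + " ranAs=" + ranAs;
            } finally {
                if (clearAfter) {
                    SecurityContextHolder.clearContext(); // unbind before the thread returns to the pool
                }
            }
        }).get();
    }

    public static void main(String[] args) throws Exception {
        // One worker thread, so consecutive tasks are guaranteed to share it.
        ExecutorService leaky = Executors.newSingleThreadExecutor();
        System.out.println(handle(leaky, "alice", false));
        System.out.println(handle(leaky, "bob", false));   // context left by the first task is still bound
        leaky.shutdown();

        ExecutorService cleaned = Executors.newSingleThreadExecutor();
        System.out.println(handle(cleaned, "alice", true));
        System.out.println(handle(cleaned, "bob", true));  // starts from an empty context
        cleaned.shutdown();
    }
}
```

For servlet requests that pass through the security filter chain, Spring Security's `FilterChainProxy` calls `SecurityContextHolder.clearContext()` in a `finally` block when the chain completes. Threads in application-owned pools get no such cleanup, which is the case `DelegatingSecurityContextExecutor` and `DelegatingSecurityContextRunnable` cover.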