Introduce @CurrentSecurityContext for method arguments #6546

Closed
@jzheaux

A user can easily obtain the current user principal using the @AuthenticationPrincipal annotation, say in a Spring MVC application:

@GetMapping("/path")
public String endpoint(@AuthenticationPrincipal UserDetails user) {
    // ....
}

It would be nice to be able to do something more fundamental, like obtain the current security context:

@GetMapping("/path")
public String endpoint(@CurrentSecurityContext SecurityContext context) {
    // ....
}

and thus:

@GetMapping("/path")
public String endpoint(@CurrentSecurityContext(expression="authentication") Authentication authentication) {
    // ....
}

This ought to work for both Servlet and WebFlux applications, so we'd need to have two argument resolvers, one that retrieved the security context from SecurityContextHolder and another that got it from ReactiveSecurityContextHolder. Likely, they could be modeled after AuthenticationPrincipalArgumentResolver.

We'd also want to register these respectively in WebMvcSecurityConfiguration and ServerHttpSecurityConfiguration.
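A sketch of the Servlet-side resolver described in the issue, added here as an illustration; it is not code from the issue or from Spring Security. The class name `SketchSecurityContextArgumentResolver` is hypothetical, and the annotation is declared locally as a stand-in for the proposed one so the file compiles on its own.

```java
import java.lang.annotation.*;
import org.springframework.core.MethodParameter;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

// Hypothetical name: a sketch of the proposal, not the project's implementation.
public class SketchSecurityContextArgumentResolver implements HandlerMethodArgumentResolver {

    // Local stand-in for the annotation proposed in the issue (assumption).
    @Target(ElementType.PARAMETER)
    @Retention(RetentionPolicy.RUNTIME)
    public @interface CurrentSecurityContext {
        String expression() default "";
    }

    private final SpelExpressionParser parser = new SpelExpressionParser();

    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        return parameter.hasParameterAnnotation(CurrentSecurityContext.class);
    }

    @Override
    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
            NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
        // Servlet applications keep the context in a thread-bound holder.
        SecurityContext context = SecurityContextHolder.getContext();
        CurrentSecurityContext annotation = parameter.getParameterAnnotation(CurrentSecurityContext.class);
        Object resolved = context;
        if (StringUtils.hasLength(annotation.expression())) {
            // The expression is developer-authored annotation metadata, never request input.
            StandardEvaluationContext evaluation = new StandardEvaluationContext(context);
            resolved = parser.parseExpression(annotation.expression()).getValue(evaluation);
        }
        // Refuse to hand the handler a value that does not match the declared parameter type.
        if (resolved != null && !parameter.getParameterType().isAssignableFrom(resolved.getClass())) {
            return null;
        }
        return resolved;
    }
}
```

Outside of the security configuration classes named above, a resolver like this can be registered through `WebMvcConfigurer.addArgumentResolvers`. A WebFlux counterpart would read from `ReactiveSecurityContextHolder.getContext()` instead, which returns a `Mono<SecurityContext>`.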

Labels

- in: core (An issue in spring-security-core)
- in: web (An issue in web modules (web, webmvc))
- type: enhancement (A general enhancement)