Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce @CurrentSecurityContext for method arguments #6546

Closed
jzheaux opened this issue Feb 20, 2019 · 5 comments
Closed

Introduce @CurrentSecurityContext for method arguments #6546

jzheaux opened this issue Feb 20, 2019 · 5 comments
Assignees
@jzheaux
Labels
in: core An issue in spring-security-core in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
5.2.0.M2

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Feb 20, 2019

A user can easily obtain the current user principal using the @AuthenticationPrincipal annotation, say in a Spring MVC application:

@GetMapping("/path")
public String endpoint(@AuthenticatedPrincipal UserDetails user) {
    // ....
}

It would be nice to be able to do something more fundamental, like obtain the current security context:

@GetMapping("/path")
public String endpoint(@CurrentSecurityContext SecurityContext context) {
    // ....
}

and thus:

@GetMapping("/path")
public String endpoint(@CurrentSecurityContext(expression="authentication") Authentication authentication) {
    // ....
}

This ought to work for both Servlet and WebFlux applications, so we'd need to have two argument resolvers, one that retrieved the security context from SecurityContextHolder and another that got it from ReactiveSecurityContextHolder. Likely, they could be modeled after AuthenticationPrincipalArgumentResolver.

We'd also want to register these respectively in WebMvcSecurityConfiguration and ServerHttpSecurityConfiguration.
@jzheaux jzheaux added in: core An issue in spring-security-core in: web An issue in web modules (web, webmvc) New Feature labels Feb 20, 2019
@jzheaux jzheaux mentioned this issue Feb 20, 2019
Closed
3 tasks
@jzheaux jzheaux added this to the 5.2.x milestone Feb 20, 2019
@jzheaux jzheaux added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Feb 20, 2019
@clevertension
Copy link
Contributor

@jzheaux are you working on this issue, if not, i think i can provide a PR :)

@jzheaux
Copy link
Contributor Author

jzheaux commented Feb 21, 2019

It's yours, @clevertension!

@jzheaux jzheaux removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Feb 21, 2019
@clevertension
Copy link
Contributor

clevertension commented Feb 22, 2019
edited
Loading

do we need to support the property dig with Authentication?

@GetMapping("/path")
public String endpoint(@CurrentSecurityContext(expression="authentication.details") Object details) {
    // ....
}

if yes,

@CurrentSecurityContext annotation should also have
errorOnInvalidType

@jzheaux
Copy link
Contributor Author

jzheaux commented Feb 22, 2019

@rwinch Is there a compelling need for errorOnInvalidType?

@clevertension clevertension mentioned this issue Feb 26, 2019
Merged
@jzheaux jzheaux modified the milestones: 5.2.x, 5.2.0.M2 Apr 15, 2019
@jgrandja
Copy link
Contributor

Closed via #6562

@rwinch rwinch added the type: enhancement A general enhancement label May 3, 2019
@jzheaux jzheaux self-assigned this Aug 5, 2020
@jzheaux jzheaux mentioned this issue Nov 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M2
Development

No branches or pull requests
4 participants
@clevertension @rwinch @jzheaux @jgrandja