Open tugrulkarakaya opened 1 year ago
It is strange indeed, adds a lot of unnecessary overhead, I think.
I'm learning Spring Security and I notice that SecurityContextHolder isn't saving the authentication, therefore on each new request it is validating because "SecurityContextHolder.getContext().getAuthentication()" is always null. Is that correct, or should it not be null after saving it the first time?
Finally someone noticed it. I mean, what's the point of checking if SecurityContext.getContext().getAuthentication() equals null if it is always null? And as mentioned in the video, after a successful authentication the context gets updated, so why does it return null in the next request?
https://github.com/ali-bouali/spring-boot-3-jwt-security/blame/b0a9c0fba5b7d275e90166bec7695ab785626b04/src/main/java/com/alibou/security/config/JwtAuthenticationFilter.java#L54
Querying the DB for each request even if the token is verified? This should not be there, as the token signature is verified. For refresh token regeneration this is understandable, but keeping tokens in the DB and querying each and every time looks strange. I would keep refresh tokens in the DB (not tokens), and during refresh token regeneration I would check if they are still valid.
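
The split proposed in the post above, sketched as an added example that is not code from this thread or from the spring-boot-3-jwt-security project: access tokens are checked by signature and expiry alone, and only refresh tokens live in a store. It uses plain JDK classes and a simplified `payload.signature` token instead of a real JWT; `TokenSketch`, `REFRESH_STORE`, the demo key and all method names are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import java.util.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class TokenSketch {
    static final byte[] KEY = "constructed-demo-key-not-for-use".getBytes(UTF_8); // constructed demo key
    static final Map<String, String> REFRESH_STORE = new java.util.concurrent.ConcurrentHashMap<>(); // stand-in for a DB table
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static byte[] hmac(String data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    // Access token "<b64(user|expiry)>.<b64(HMAC)>": signed, never stored.
    static String issueAccess(String user, long ttlSeconds) throws GeneralSecurityException {
        String claims = user + "|" + (System.currentTimeMillis() / 1000 + ttlSeconds);
        String body = ENC.encodeToString(claims.getBytes(UTF_8));
        return body + "." + ENC.encodeToString(hmac(body));
    }
    // Per-request check: signature and expiry only, no store lookup.
    static Optional<String> verifyAccess(String token) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 2) return Optional.empty();
        try {
            if (!MessageDigest.isEqual(hmac(p[0]), DEC.decode(p[1]))) return Optional.empty(); // constant-time compare
            String claims = new String(DEC.decode(p[0]), UTF_8);
            int bar = claims.lastIndexOf('|');
            boolean live = Long.parseLong(claims.substring(bar + 1)) > System.currentTimeMillis() / 1000;
            return live ? Optional.of(claims.substring(0, bar)) : Optional.empty();
        } catch (IllegalArgumentException e) { return Optional.empty(); } // malformed base64 or expiry
    }
    // Refresh token: opaque random value, the only token kept in the store.
    static String issueRefresh(String user) {
        String token = UUID.randomUUID().toString(); // randomUUID uses a cryptographically strong RNG
        REFRESH_STORE.put(token, user);
        return token;
    }
    static Optional<String> refresh(String token) throws GeneralSecurityException {
        String user = REFRESH_STORE.remove(token); // single use; deleting the entry revokes it
        return user == null ? Optional.empty() : Optional.of(issueAccess(user, 300));
    }
    public static void main(String[] args) throws GeneralSecurityException {
        String access = issueAccess("alice", 300), r = issueRefresh("alice");
        System.out.println(verifyAccess(access) + " " + verifyAccess(access + "x"));
        System.out.println(refresh(r).isPresent() + " " + refresh(r).isPresent());
    }
}
```

With no store lookup on the request path, an access token cannot be revoked before it expires, so this design depends on a short access-token lifetime (300 seconds in the sketch) and on revoking the refresh token instead.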