Open Crain-32 opened 6 months ago
Hi, @Crain-32. Can you elaborate more on what you would like to be detailed? At first, it doesn't feel that it should be included in the documentation as it can happen with any entity, not just the ones related to Spring Security. I think that such documentation is out of scope.
@marcusdacoregio I think something like the following Screenshot would be fine.
Not a full section, just a nice little "heads up".
Obviously the wording can (and likely should) change. This is just the example.
Expected Behavior Quick Note about JPA Caching Interactions with the Authentication Chain
Current Behavior Nothing currently noting the interaction with the
EntityManager
when using defaults.Context (This is mostly Conjecture, based on Stack Traces and a lot of break point, but the Current Behavior is currect) As the Spring Security Filter Chain is typically one of the first filters, the
OpenEntityManagerInViewFilter
/OpenEntityInViewInterceptor
Filters are not called yet. This means if yourUserDetailsService
is JPA based, any DB Entity will not be associated to the JPA Persistence Context for the rest of the request. Although this behavior is preferred, it would be good to document that the Entity is unmanaged when using defaults.