In our spring-security configuration we have this:
http.securityContext(
customizer ->
// store the security context as request attribute and not session
customizer.securityContextRepository(
new RequestAttributeSecurityContextRepository()))
However VaadinAwareSecurityContextHolderStrategy attempts to fetch the SecurityContext from the session first and falls back to a self managed ThreadLocal storage. Should it not just assume that, if a RequestAttributeSecurityContextRepository is configured, it can fetch it from there instead ?
In our spring-security configuration we have this:
However VaadinAwareSecurityContextHolderStrategy attempts to fetch the SecurityContext from the session first and falls back to a self managed ThreadLocal storage. Should it not just assume that, if a
RequestAttributeSecurityContextRepository
is configured, it can fetch it from there instead ?