A user can easily obtain the current user principal using the @AuthenticationPrincipal annotation, say in a Spring MVC application:
```java
@GetMapping("/path")
public String endpoint(@AuthenticationPrincipal UserDetails user) {
    // ....
}
```
It would be nice to be able to do something more fundamental, like obtain the current security context:
```java
@GetMapping("/path")
public String endpoint(@CurrentSecurityContext SecurityContext context) {
    // ....
}
```
and thus:
```java
@GetMapping("/path")
public String endpoint(@CurrentSecurityContext(expression="authentication") Authentication authentication) {
    // ....
}
```
This ought to work for both Servlet and WebFlux applications, so we'd need to have two argument resolvers, one that retrieved the security context from SecurityContextHolder and another that got it from ReactiveSecurityContextHolder. Likely, they could be modeled after AuthenticationPrincipalArgumentResolver.
We'd also want to register these respectively in WebMvcSecurityConfiguration and ServerHttpSecurityConfiguration.
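A sketch of the Servlet-side resolver described above, as an added example that is not code from the issue or from Spring Security itself. The annotation attributes (`expression`, `errorOnInvalidType`) and the class name `CurrentSecurityContextArgumentResolver` are assumptions made for illustration; the WebFlux variant would read from `ReactiveSecurityContextHolder` instead.

```java
import java.lang.annotation.*;
import org.springframework.core.MethodParameter;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

// Hypothetical shape of the proposed annotation; attribute names are assumptions.
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@interface CurrentSecurityContext {
    String expression() default "";
    boolean errorOnInvalidType() default false;
}

// Resolves @CurrentSecurityContext parameters from the thread-bound SecurityContextHolder.
public class CurrentSecurityContextArgumentResolver implements HandlerMethodArgumentResolver {
    private final ExpressionParser parser = new SpelExpressionParser();

    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        return parameter.hasParameterAnnotation(CurrentSecurityContext.class);
    }

    @Override
    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
            NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
        // getContext() never returns null; an unauthenticated request yields an empty context.
        SecurityContext context = SecurityContextHolder.getContext();
        CurrentSecurityContext ann = parameter.getParameterAnnotation(CurrentSecurityContext.class);
        Object value = context;
        // The expression is a compile-time annotation attribute, never request input.
        if (StringUtils.hasLength(ann.expression())) {
            value = parser.parseExpression(ann.expression()).getValue(new StandardEvaluationContext(context));
        }
        // Fail closed on a type mismatch: inject null (or throw) rather than a wrongly typed object.
        if (value != null && !ClassUtils.isAssignable(parameter.getParameterType(), value.getClass())) {
            if (ann.errorOnInvalidType()) throw new ClassCastException(value + " is not a " + parameter.getParameterType());
            return null;
        }
        return value;
    }
}
```

With `expression="authentication"`, a request that carries no authentication resolves to `null`, so handlers that are reachable without authentication must null-check the injected argument.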