SecurityContextHolder is the most fundamental object where we store details of the present security context of the application (includes details of the principal). Spring Security uses an Authentication object to represent this information and we can query this Authentication object from anywhere in our application:
```java
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// currently authenticated user
Object principal = authentication.getPrincipal();
```
To clarify, the reason JWT is considered stateless is that we do not need to store the user's session on the server. Instead, the client is responsible for storing session details in the form of the JWT token.
The line `SecurityContextHolder.getContext().setAuthentication(authentication);` does not store the session details in a session store; instead, it is simply used to tell Spring Security that the user is authenticated.
Hi, may I ask what is the use of
`SecurityContextHolder.getContext().setAuthentication(authentication);`
in the AuthController?
I thought JWT was session-less and stateless. Thank you.