I would like to see a Security Scope so that I could register and inject an object that would be cleared automatically upon logout. I believe this could replace how Authentication is injected into MVC today, though it should still be passed to the method in most cases. We use Vaadin so this in and of itself doesn't work for us.
What I'm currently trying to do is inject an object that hangs off of details. I would also like to get rid of the 32 references to SecurityContextHolder.getContext() since this is a violation of the Dependency Inversion principle of SOLID (and Dependency Injection/Inversion of Control). It would also be useful for SecurityContext itself to be a Bean so that it could be injected as a singleton, into singletons, without violating the aforementioned principles.
P.S. I can't find the Authentication Feature for MVC in the security documentation at all (https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authentication-securitycontextholder), and figuring out that the "samples" area is where I should be looking for the majority of usage documentation is, well, it's very confusing. I suspect these subsections of this should really be top level sections. I would expect samples to be links to repositories.
Comment From: jzheaux
This appears to be a duplicate of https://github.com/spring-projects/spring-security/issues/5453. To simplify the conversation, I'll close this one and we can continue over there.
> I would also like to get rid of the 32 references to SecurityContextHolder.getContext()
If you can't use MVC method injection to achieve this, some other options are to either publish a Supplier @Bean or you could use ConfigurableListableBeanFactory#registerResolvableDependency and give it an ObjectFactory<SecurityContext>.
> P.S. I can't find the Authentication Feature for MVC in the security documentation
Sorry to hear you are having trouble with the documentation. I think you are looking for https://docs.spring.io/spring-security/site/docs/current/reference/html5/#mvc
> I would expect samples to be links to repositories
I'm not sure I understand what you mean here. Maybe the best thing is to file a separate ticket for this for further discussion.
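The two options named in the comment above, written out as an added example (not code from this issue or from Spring Security itself). The class names `SecurityContextInjectionConfig`, `CurrentSecurityContextFactory` and `AuditService` are hypothetical. The `ObjectFactory` is made `Serializable` because Spring only wraps an interface-typed resolvable dependency in a lazy proxy when the factory is serializable; otherwise it calls `getObject()` once at injection time and a singleton would hold whatever context was current at startup.

```java
import java.io.Serializable;
import java.util.function.Supplier;

import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Configuration
class SecurityContextInjectionConfig { // hypothetical name

    // Option 1: a Supplier bean; consumers call get() on every use.
    @Bean
    Supplier<Authentication> currentAuthentication() {
        return () -> SecurityContextHolder.getContext().getAuthentication();
    }

    // Option 2: let SecurityContext itself be autowired into singletons.
    @Bean
    static BeanFactoryPostProcessor securityContextDependency() {
        return beanFactory -> beanFactory.registerResolvableDependency(
                SecurityContext.class, new CurrentSecurityContextFactory());
    }

    // Serializable + interface type => Spring injects a proxy that calls
    // getObject() on each method invocation instead of resolving once.
    static final class CurrentSecurityContextFactory
            implements ObjectFactory<SecurityContext>, Serializable {
        @Override
        public SecurityContext getObject() {
            return SecurityContextHolder.getContext();
        }
    }
}

@Service
class AuditService { // hypothetical singleton consumer
    private final SecurityContext securityContext;

    AuditService(SecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    String currentUser() {
        // Null on threads with no propagated context (default holder is thread-local).
        Authentication auth = securityContext.getAuthentication();
        return auth != null ? auth.getName() : "anonymous";
    }
}
```

The injected proxy still resolves through `SecurityContextHolder`, so code running on executor or UI background threads sees an empty context unless the context is propagated to that thread.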
Comment From: xenoterracide
Haha, 2 years later I still want it, and it still hasn't even been responded to.