How to reload Spring Security Principal after updating in Hibernate?

alwinc picture alwinc · Oct 25, 2011 · Viewed 28.6k times · Source

This must be a common issue... and I feel that after googling, and SOing I must have just not looked around thoroughly for the answer enough or that no1 has asked it... so please forgive me.

I am using Spring Security with Hibernate etc.

So a User/principal has logged in and made some changes to their profile.

I use my DAO to update the profile (UserDetails), and I want my Principal to automatically reflect this update.

However when I get the Principal again, I get the dirty version (from my initial login).

Does anyone know of how I can get Spring Security to reload from Hibernate the updated UserDetails?

Answer

alwinc picture alwinc · Aug 2, 2012

OK dug around and finally found the answer.

We can create a UsernamePasswordAuthenticationToken and assign the updated Principal to the context.

Authentication authentication = new UsernamePasswordAuthenticationToken(userObject, userObject.getPassword(), userObject.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);

See also "How to manually set an authenticated user in Spring Security / SpringMVC".