Customizing Spring Security with Legacy Transactions and Authorization
- June 22nd, 2009
- Write comment
A few months ago at work I got stuck with a rather daunting assignment: to make Spring Security work alongside our legacy security model.
The rationale was sound. We have a legacy UI and we want a smooth transition to the new one. Which means that as much of their information, including their credentials need to carry over. Furthermore, our application runs load-balanced in the production environment and we can’t make use of sticky sessions. Which means that the solution needs to integrate with our database-backed sessions. If that was not complicated enough, there was also a lot of hidden authorization code that relied on specific properties being set in ThreadLocal.
After a few months of trial and error, I think I finally have a solution that both works and doesn’t lock the database. There are quite a few steps and the process is somewhat lengthy. For that reason, the rest of this tutorial is under the fold.
Read more
This is my blog about programming. For random stuff, checkout my 