I was following the Client Credentials flow guide from Baeldung, and one question that occurred to me was: what would happen if, during the initial request, when no token was cached, a second request was received in the application? Would Spring send a second request to authenticate?

I went as far as debugging my application and looked at the `ClientCredentialsOAuth2AuthorizedClientProvider` implementation, but couldn't find any locking mechanism, and I didn't know where to look from there.

asked Jan 22 at 17:11 by kacpr

1 Answer

Yes, it will. This is a typical race condition, and Spring Security does not have built-in preventive measures against it. If a second request arrives while no token is cached, Spring will send another authentication request.

Similar issues have been discussed before (e.g., #11461, #14123), and the Spring team’s stance is that handling this should be the application's responsibility.

If this causes issues for you, consider implementing a custom synchronization mechanism to prevent multiple simultaneous authentication requests. You can also provide feedback or explore potential solutions in this open issue: #15145.
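One way to build the custom synchronization the answer suggests, as an added example that is not part of the original answer or of Spring Security: a decorator around `OAuth2AuthorizedClientManager` that lets only one thread per client registration and principal reach the token endpoint at a time. The class name `SerializedAuthorizedClientManager` is hypothetical, and the sketch assumes a servlet (blocking) application whose delegate is an `AuthorizedClientServiceOAuth2AuthorizedClientManager`, which looks up the stored token before asking the provider for a new one.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.ReentrantLock;

import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;

// Hypothetical wrapper (not a Spring Security class): serializes authorize()
// calls per (client registration, principal) so that concurrent callers with
// an empty cache trigger one token request instead of one each.
public final class SerializedAuthorizedClientManager implements OAuth2AuthorizedClientManager {

    private final OAuth2AuthorizedClientManager delegate;
    private final ConcurrentMap<String, ReentrantLock> locks = new ConcurrentHashMap<>();

    public SerializedAuthorizedClientManager(OAuth2AuthorizedClientManager delegate) {
        this.delegate = delegate;
    }

    @Override
    public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest request) {
        // The key mirrors how authorized clients are stored:
        // registration id plus principal name.
        String key = request.getClientRegistrationId() + '|' + request.getPrincipal().getName();
        ReentrantLock lock = locks.computeIfAbsent(key, k -> new ReentrantLock());
        lock.lock();
        try {
            // Assumption: the delegate checks the authorized-client store first,
            // so threads that waited on the lock find the token saved by the
            // first caller and reuse it without contacting the token endpoint.
            return delegate.authorize(request);
        } finally {
            lock.unlock();
        }
    }
}
```

Expose it as the application's `OAuth2AuthorizedClientManager` bean, wrapping the manager you already configure. The lock is local to one JVM, so several application instances can still each request their own token.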

Article tags: java | Does client credentials flow prevent from concurrent authentication attempts | Stack Overflow