This must be a common issue... and I feel that after googling, and SOing I must have just not looked around thoroughly for the answer enough or that no1 has asked it... so please forgive me.
I am using Spring Security with Hibernate etc.
So a User/principal has logged in and made some changes to their profile.
I use my DAO to update the profile (UserDetails), and I want my Principal to automatically reflect this update.
However when I get the Principal again, I get the dirty version (from my initial login).
Does anyone know of how I can get Spring Security to reload from Hibernate the updated UserDetails?
OK dug around and finally found the answer.
We can create a UsernamePasswordAuthenticationToken and assign the updated Principal to the context.
Authentication authentication = new UsernamePasswordAuthenticationToken(userObject, userObject.getPassword(), userObject.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
See also "How to manually set an authenticated user in Spring Security / SpringMVC".
来源:https://stackoverflow.com/questions/7889660/how-to-reload-spring-security-principal-after-updating-in-hibernate