Caching the current user

maneesh2 · November 11, 2025, 2:19am

The sample code from https://start.vaadin.com/ has

@Component
public class AuthenticatedUser {

    private final UserRepository userRepository;
    private final AuthenticationContext authenticationContext;

    public AuthenticatedUser(AuthenticationContext authenticationContext, UserRepository userRepository) {
        this.userRepository = userRepository;
        this.authenticationContext = authenticationContext;
    }

    @Transactional
    public Optional<User> get() {
        return authenticationContext.getAuthenticatedUser(UserDetails.class)
                .flatMap(userDetails -> userRepository.findByUsername(userDetails.getUsername()));
    }

    public void logout() {
        authenticationContext.logout();
    }
}

Every call to AuthenticatedUser.get() results in a DB call.

What is the recommended way to cache the current user?
-Inside the AuthenticatedUser?
-In the VaadinSession?
-Anything else?

todo42 · November 11, 2025, 8:43am

I usually use default Spring caching via annotations see Caching :: Spring Boot

enable caching in your main class via @EnableCaching
cache the result of your userRepository method like so:

@Cacheable(value = CACHE_USER_BY_USERNAME, key = "#username")
public UserDetails findByUsername(String username) {
 // ... DB calls etc. 
}

evict this cache on every save/update method for the userDetails

@Caching(evict = {
        @CacheEvict(value = CACHE_USER_BY_USERNAME, allEntries = false, key = "#user.username", condition = "#user.username != null"),
    })
    public UserDetails save(User user) {
  // ... DB calls etc.
}

Some hints:

use static final String constants for cache name for reusing in CacheEvict
use allEntries = true if your’re unsure about your pojo … but cache performace gets worser

But be aware:
There are only two hard things in Computer Science: cache invalidation and naming things.
– Phil Karlton

OnDemand · November 11, 2025, 9:12am

Thats quite interesting! Where is that Cache persisted?

todo42 · November 11, 2025, 9:44am

Thats depends on the implementation
The Spring default is in-memory using simple map structures

maneesh2 · November 11, 2025, 12:49pm

Since my requirement was to cache only the currently logged in user, I ended up caching it in the VaadinSession

I was actually not aware of the spring caching mechanism. Learnt something new today!
Thank you Dominik!

knoobie · November 11, 2025, 9:16pm

Just asking the obvious question: why not use the default of spring security? Servlet Authentication Architecture :: Spring Security

todo42 · November 12, 2025, 7:35pm

@knoobie What did you mean with default of spring security ?

The usage of UserDetails is default and the use of a default cache mechanism is … default

knoobie · November 12, 2025, 9:11pm

Spring Security already handles the current user via SecurityContext(Holder) so I was wondering why you wanna reinvent the wheel

todo42 · November 13, 2025, 8:22am

IMO the SpringSecurityContextHolder contains an Authentication object, which is normally kind of UsernamePasswordAuthenticationToken containing a username. If you need more data than the userDetails object already contains and you need to fetch those from your database you can benefit from such caching strategy. But you’re right, my example was a little simplified regarding that extrapolation
But here @Vaadin projects, we can benefit from AuthenticationContext which contains the authenticated user too and is injectable as Spring Bean

knoobie · November 13, 2025, 8:57am

I was wondering because I normally just call Authentication::getPrincipal (from the security context) and there you get the UserDetails that was previously fetched from your method mentioned above

Jems.3 · December 4, 2025, 11:06am

I’ve handled this by storing the user info in the session instead of trying to cache it manually. Vaadin keeps the session pretty clean, so just grabbing the user from there when needed works well and avoids weird sync issues. Simple and reliable.