org.springframework.security.web.context
Class SecurityContextPersistenceFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.context.SecurityContextPersistenceFilter
All Implemented Interfaces:
Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware
Direct Known Subclasses:
HttpSessionContextIntegrationFilter

public class SecurityContextPersistenceFilter
extends GenericFilterBean

Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses an HttpSessionSecurityContextRepository. See this class for information HttpSession related configuration options.

This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.

This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder to contain a valid SecurityContext by the time they execute.

This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.

The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is false, as this is resource intensive and not recommended).

Since:
3.0
Version:
$Id: SecurityContextPersistenceFilter.java 3813 2009-08-10 14:18:18Z ltaylor $
Author:
Luke Taylor

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
SecurityContextPersistenceFilter()
           
 
Method Summary
 void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
           
 void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
           
 void setSecurityContextRepository(SecurityContextRepository repo)
           
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityContextPersistenceFilter

public SecurityContextPersistenceFilter()
Method Detail

doFilter

public void doFilter(ServletRequest req,
                     ServletResponse res,
                     FilterChain chain)
              throws IOException,
                     ServletException
Throws:
IOException
ServletException

setSecurityContextRepository

public void setSecurityContextRepository(SecurityContextRepository repo)

setForceEagerSessionCreation

public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.