org.springframework.security.web.context
Class SecurityContextPersistenceFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.context.SecurityContextPersistenceFilter
- All Implemented Interfaces:
- Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware
- Direct Known Subclasses:
- HttpSessionContextIntegrationFilter
public class SecurityContextPersistenceFilter
- extends GenericFilterBean
Populates the SecurityContextHolder
with information obtained from
the configured SecurityContextRepository
prior to the request and stores it back in the repository
once the request has completed and clearing the context holder. By default it uses an
HttpSessionSecurityContextRepository
. See this class for information HttpSession related
configuration options.
This filter will only execute once per request, to resolve servlet container (specifically Weblogic)
incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms
(e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder
to contain a valid
SecurityContext
by the time they execute.
This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate
the storage issues to a separate strategy, allowing for more customization in the way the security context is
maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is always available before
the filter chain executes (the default is false
, as this is resource intensive and not recommended).
- Since:
- 3.0
- Version:
- $Id: SecurityContextPersistenceFilter.java 3813 2009-08-10 14:18:18Z ltaylor $
- Author:
- Luke Taylor
Methods inherited from class org.springframework.web.filter.GenericFilterBean |
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter()
doFilter
public void doFilter(ServletRequest req,
ServletResponse res,
FilterChain chain)
throws IOException,
ServletException
- Throws:
IOException
ServletException
setSecurityContextRepository
public void setSecurityContextRepository(SecurityContextRepository repo)
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.