org.springframework.security.web.servletapi
Class SecurityContextHolderAwareRequestWrapper
java.lang.Object
javax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- All Implemented Interfaces:
- HttpServletRequest, ServletRequest
public class SecurityContextHolderAwareRequestWrapper
- extends HttpServletRequestWrapper
A Spring Security-aware HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement the servlet API security
methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().
- Version:
- $Id: SecurityContextHolderAwareRequestWrapper.java 3925 2009-10-05 19:28:53Z ltaylor $
- Author:
- Orlando Garcia Carmona, Ben Alex, Luke Taylor
- See Also:
SecurityContextHolderAwareRequestFilter
| Methods inherited from class javax.servlet.http.HttpServletRequestWrapper |
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid |
| Methods inherited from class javax.servlet.ServletRequestWrapper |
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface javax.servlet.ServletRequest |
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding |
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request,
String rolePrefix)
getRemoteUser
public String getRemoteUser()
- Returns the principal's name, as obtained from the
SecurityContextHolder. Properly handles
both String-based and UserDetails-based principals.
- Specified by:
getRemoteUser in interface HttpServletRequest- Overrides:
getRemoteUser in class HttpServletRequestWrapper
- Returns:
- the username or
null if unavailable
getUserPrincipal
public Principal getUserPrincipal()
- Returns the
Authentication (which is a subclass of Principal), or
null if unavailable.
- Specified by:
getUserPrincipal in interface HttpServletRequest- Overrides:
getUserPrincipal in class HttpServletRequestWrapper
- Returns:
- the
Authentication, or null
isUserInRole
public boolean isUserInRole(String role)
- Simple searches for an exactly matching
GrantedAuthority.getAuthority().
Will always return false if the SecurityContextHolder contains an
Authentication with nullprincipal and/or GrantedAuthority[]
objects.
- Specified by:
isUserInRole in interface HttpServletRequest- Overrides:
isUserInRole in class HttpServletRequestWrapper
- Parameters:
role - the GrantedAuthorityString representation to check for
- Returns:
true if an exact (case sensitive) matching granted authority is located,
false otherwise
Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.