org.springframework.security.web.servletapi
Class SecurityContextHolderAwareRequestWrapper

java.lang.Object
  extended by javax.servlet.ServletRequestWrapper
      extended by javax.servlet.http.HttpServletRequestWrapper
          extended by org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().

See Also:
SecurityContextHolderAwareRequestFilter

Field Summary
 
Fields inherited from interface javax.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
 
Constructor Summary
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, java.lang.String rolePrefix)
           
 
Method Summary
 java.lang.String getRemoteUser()
          Returns the principal's name, as obtained from the SecurityContextHolder.
 java.security.Principal getUserPrincipal()
          Returns the Authentication (which is a subclass of Principal), or null if unavailable.
 boolean isUserInRole(java.lang.String role)
          Simply searches for an exactly matching GrantedAuthority.getAuthority().
 
Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid
 
Methods inherited from class javax.servlet.ServletRequestWrapper
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.servlet.ServletRequest
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding
 

Constructor Detail

SecurityContextHolderAwareRequestWrapper

public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
                                                java.lang.String rolePrefix)
Method Detail

getRemoteUser

public java.lang.String getRemoteUser()
Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Specified by:
getRemoteUser in interface javax.servlet.http.HttpServletRequest
Overrides:
getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper
Returns:
the username or null if unavailable

getUserPrincipal

public java.security.Principal getUserPrincipal()
Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Specified by:
getUserPrincipal in interface javax.servlet.http.HttpServletRequest
Overrides:
getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper
Returns:
the Authentication, or null

isUserInRole

public boolean isUserInRole(java.lang.String role)
Simply searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

Specified by:
isUserInRole in interface javax.servlet.http.HttpServletRequest
Overrides:
isUserInRole in class javax.servlet.http.HttpServletRequestWrapper
Parameters:
role - the GrantedAuthority String representation to check for
Returns:
true if an exact (case sensitive) matching granted authority is located, false otherwise
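
Example (added here, not part of the Spring Security documentation or code base): the exact, case-sensitive matching of isUserInRole and the null results when no Authentication is available, exercised against a constructed identity. RoleCheckDemo, the expect helper, the user "alice" and the use of MockHttpServletRequest from spring-test are assumptions of this example. The rolePrefix is passed as an empty string because this page does not describe how a prefix is applied.

```java
import java.util.List;
import org.springframework.mock.web.MockHttpServletRequest; // assumption: spring-test is on the classpath
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

public class RoleCheckDemo {

    // Hypothetical helper: fails loudly if a result differs from what the documentation above states.
    static void expect(String what, Object actual, Object expected) {
        if (expected == null ? actual != null : !expected.equals(actual)) {
            throw new IllegalStateException(what + ": expected " + expected + ", got " + actual);
        }
        System.out.println(what + " = " + actual);
    }

    public static void main(String[] args) {
        // Constructed sample identity: user "alice" holding the single authority ROLE_ADMIN.
        List<GrantedAuthority> granted = AuthorityUtils.createAuthorityList("ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("alice", "n/a", granted));
        // Empty rolePrefix, so the role string is compared as given.
        SecurityContextHolderAwareRequestWrapper request =
                new SecurityContextHolderAwareRequestWrapper(new MockHttpServletRequest(), "");
        try {
            expect("getRemoteUser()", request.getRemoteUser(), "alice");
            expect("isUserInRole(ROLE_ADMIN)", request.isUserInRole("ROLE_ADMIN"), true);
            // Case sensitive: a differently cased role name does not match.
            expect("isUserInRole(role_admin)", request.isUserInRole("role_admin"), false);
            // Exact: a truncated name does not match, and no other role is implied.
            expect("isUserInRole(ROLE_ADM)", request.isUserInRole("ROLE_ADM"), false);
            expect("isUserInRole(ROLE_USER)", request.isUserInRole("ROLE_USER"), false);
        } finally {
            // Always clear the thread-bound context so the identity cannot leak to later work.
            SecurityContextHolder.clearContext();
        }
        // With no Authentication in the context the same wrapper denies by default.
        expect("getUserPrincipal() after clear", request.getUserPrincipal(), null);
        expect("isUserInRole(ROLE_ADMIN) after clear", request.isUserInRole("ROLE_ADMIN"), false);
    }
}
```

Because the match is an exact string comparison, a role name that differs only in case or spelling from the granted authority is denied rather than rejected with an error, so such checks are worth covering with tests.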