|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object javax.servlet.ServletRequestWrapper javax.servlet.http.HttpServletRequestWrapper org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
public class SecurityContextHolderAwareRequestWrapper
A Spring Security-aware HttpServletRequestWrapper
, which uses the
SecurityContext
-defined Authentication
object to implement the servlet API security
methods isUserInRole(String)
and HttpServletRequestWrapper.getRemoteUser()
.
SecurityContextHolderAwareRequestFilter
Field Summary |
---|
Fields inherited from interface javax.servlet.http.HttpServletRequest |
---|
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH |
Constructor Summary | |
---|---|
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
String rolePrefix)
|
Method Summary | |
---|---|
String |
getRemoteUser()
Returns the principal's name, as obtained from the SecurityContextHolder . |
Principal |
getUserPrincipal()
Returns the Authentication (which is a subclass of Principal ), or
null if unavailable. |
boolean |
isUserInRole(String role)
Simple searches for an exactly matching GrantedAuthority.getAuthority() . |
Methods inherited from class javax.servlet.http.HttpServletRequestWrapper |
---|
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid |
Methods inherited from class javax.servlet.ServletRequestWrapper |
---|
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface javax.servlet.ServletRequest |
---|
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding |
Constructor Detail |
---|
public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix)
Method Detail |
---|
public String getRemoteUser()
SecurityContextHolder
. Properly handles
both String
-based and UserDetails
-based principals.
getRemoteUser
in interface javax.servlet.http.HttpServletRequest
getRemoteUser
in class javax.servlet.http.HttpServletRequestWrapper
null
if unavailablepublic Principal getUserPrincipal()
Authentication
(which is a subclass of Principal
), or
null
if unavailable.
getUserPrincipal
in interface javax.servlet.http.HttpServletRequest
getUserPrincipal
in class javax.servlet.http.HttpServletRequestWrapper
Authentication
, or null
public boolean isUserInRole(String role)
GrantedAuthority.getAuthority()
.
Will always return false
if the SecurityContextHolder
contains an
Authentication
with null
principal
and/or GrantedAuthority[]
objects.
isUserInRole
in interface javax.servlet.http.HttpServletRequest
isUserInRole
in class javax.servlet.http.HttpServletRequestWrapper
role
- the GrantedAuthority
String
representation to check for
true
if an exact (case sensitive) matching granted authority is located,
false
otherwise
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |