SecurityContextHolderAwareRequestWrapper (Spring Security 3.1.7.RELEASE API)

java.lang.Object
- javax.servlet.ServletRequestWrapper
- - javax.servlet.http.HttpServletRequestWrapper
  - - org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest
```
public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper
```
A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().

See Also:
SecurityContextHolderAwareRequestFilter

Field Summary
- Fields inherited from interface javax.servlet.http.HttpServletRequest
  BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors
Constructor and Description

SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix)

Constructors
Constructor and Description
`SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix)`

Method Summary

Methods
Modifier and Type	Method and Description
`String`	`getRemoteUser()` Returns the principal's name, as obtained from the `SecurityContextHolder`.
`Principal`	`getUserPrincipal()` Returns the `Authentication` (which is a subclass of `Principal`), or `null` if unavailable.
`boolean`	`isUserInRole(String role)` Simple searches for an exactly matching `GrantedAuthority.getAuthority()`.
`String`	`toString()`

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid

Methods inherited from class javax.servlet.ServletRequestWrapper
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding

- Constructor Detail
  - SecurityContextHolderAwareRequestWrapper
```
public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
                                        String rolePrefix)
```
- Method Detail
  - getRemoteUser
```
public String getRemoteUser()
```
    Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.
    
    Specified by:
    
    getRemoteUser in interface javax.servlet.http.HttpServletRequest
    
    Overrides:
    
    getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper
    
    Returns:
    the username or null if unavailable
  - getUserPrincipal
```
public Principal getUserPrincipal()
```
    Returns the Authentication (which is a subclass of Principal), or null if unavailable.
    
    Specified by:
    
    getUserPrincipal in interface javax.servlet.http.HttpServletRequest
    
    Overrides:
    
    getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper
    
    Returns:
    the Authentication, or null
  - isUserInRole
```
public boolean isUserInRole(String role)
```
    Simple searches for an exactly matching GrantedAuthority.getAuthority().
    Will always return false if the SecurityContextHolder contains an Authentication with nullprincipal and/or GrantedAuthority[] objects.
    
    Specified by:
    
    isUserInRole in interface javax.servlet.http.HttpServletRequest
    
    Overrides:
    
    isUserInRole in class javax.servlet.http.HttpServletRequestWrapper
    
    Parameters:
    role - the GrantedAuthorityString representation to check for
    
    Returns:
    true if an exact (case sensitive) matching granted authority is located, false otherwise
  - toString
```
public String toString()
```
    Overrides:
    
    toString in class Object

Class SecurityContextHolderAwareRequestWrapper

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

Constructor Summary

Method Summary

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

Methods inherited from class javax.servlet.ServletRequestWrapper

Methods inherited from class java.lang.Object

Methods inherited from interface javax.servlet.ServletRequest

Constructor Detail

SecurityContextHolderAwareRequestWrapper

Method Detail

getRemoteUser

getUserPrincipal

isUserInRole

toString