SecurityContextHolderAwareRequestWrapper (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.servletapi
Class SecurityContextHolderAwareRequestWrapper

java.lang.Object
  javax.servlet.ServletRequestWrapper
      javax.servlet.http.HttpServletRequestWrapper
          org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

All Implemented Interfaces:: javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:

getUserPrincipal()
isUserInRole(String)
HttpServletRequestWrapper.getRemoteUser().

See Also:: SecurityContextHolderAwareRequestFilter

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest
`BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH`

Constructor Summary
`SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix)`

Method Summary
`String`	`getRemoteUser()` Returns the principal's name, as obtained from the `SecurityContextHolder`.
`Principal`	`getUserPrincipal()` Returns the `Authentication` (which is a subclass of `Principal`), or `null` if unavailable.
`boolean`	`isUserInRole(String role)` Simple searches for an exactly matching `GrantedAuthority.getAuthority()`.
`String`	`toString()`

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
`authenticate, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout`

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

authenticate, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout

Methods inherited from class javax.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class javax.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Methods inherited from interface javax.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Methods inherited from interface javax.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Constructor Detail

SecurityContextHolderAwareRequestWrapper

public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
                                                String rolePrefix)

Method Detail

getRemoteUser

public String getRemoteUser()

Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Specified by:: getRemoteUser in interface javax.servlet.http.HttpServletRequest
Overrides:: getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper

Returns:: the username or null if unavailable

getUserPrincipal

public Principal getUserPrincipal()

Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Specified by:: getUserPrincipal in interface javax.servlet.http.HttpServletRequest
Overrides:: getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper

Returns:: the Authentication, or null

isUserInRole

public boolean isUserInRole(String role)

Simple searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with nullprincipal and/or GrantedAuthority[] objects.

Specified by:: isUserInRole in interface javax.servlet.http.HttpServletRequest
Overrides:: isUserInRole in class javax.servlet.http.HttpServletRequestWrapper

Parameters:: role - the GrantedAuthorityString representation to check for
Returns:: true if an exact (case sensitive) matching granted authority is located, false otherwise

toString

public String toString()

Overrides:: toString in class Object