public class SecurityContextHolder extends Object
SecurityContext
with the current execution thread.
This class provides a series of static methods that delegate to an instance of
SecurityContextHolderStrategy
. The purpose of the class is to provide a
convenient way to specify the strategy that should be used for a given JVM.
This is a JVM-wide setting, since everything in this class is static
to facilitate ease of use in
calling code.
To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the
three valid MODE_
settings defined as static final
fields, or a fully qualified classname
to a concrete implementation of SecurityContextHolderStrategy
that
provides a public no-argument constructor.
There are two ways to specify the desired strategy mode String
. The first is to specify it via
the system property keyed on SYSTEM_PROPERTY
. The second is to call setStrategyName(String)
before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL
,
which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL
is definitely inappropriate for server use).
Modifier and Type | Field and Description |
---|---|
static String |
MODE_GLOBAL |
static String |
MODE_INHERITABLETHREADLOCAL |
static String |
MODE_THREADLOCAL |
static String |
SYSTEM_PROPERTY |
Constructor and Description |
---|
SecurityContextHolder() |
Modifier and Type | Method and Description |
---|---|
static void |
clearContext()
Explicitly clears the context value from the current thread.
|
static SecurityContext |
createEmptyContext()
Delegates the creation of a new, empty context to the configured strategy.
|
static SecurityContext |
getContext()
Obtain the current
SecurityContext . |
static SecurityContextHolderStrategy |
getContextHolderStrategy()
Allows retrieval of the context strategy.
|
static int |
getInitializeCount()
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its
SecurityContextHolderStrategy . |
static void |
setContext(SecurityContext context)
Associates a new
SecurityContext with the current thread of execution. |
static void |
setStrategyName(String strategyName)
Changes the preferred strategy.
|
String |
toString() |
public static final String MODE_THREADLOCAL
public static final String MODE_INHERITABLETHREADLOCAL
public static final String MODE_GLOBAL
public static final String SYSTEM_PROPERTY
public static void clearContext()
public static SecurityContext getContext()
SecurityContext
.null
)public static int getInitializeCount()
SecurityContextHolderStrategy
.setStrategyName(String)
to switch to an alternate
strategy.public static void setContext(SecurityContext context)
SecurityContext
with the current thread of execution.context
- the new SecurityContext
(may not be null
)public static void setStrategyName(String strategyName)
strategyName
- the fully qualified class name of the strategy that should be used.public static SecurityContextHolderStrategy getContextHolderStrategy()
public static SecurityContext createEmptyContext()