SaveContextOnUpdateOrErrorResponseWrapper (Spring Security 3.2.3.RELEASE API)

java.lang.Object
- javax.servlet.ServletResponseWrapper
- - javax.servlet.http.HttpServletResponseWrapper
  - - org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

All Implemented Interfaces:

javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
```
public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
```
Base class for response wrappers which encapsulate the logic for storing a security context and which store the SecurityContext when a sendError(), sendRedirect, getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or getWriter().flush() happens on the same thread that this SaveContextOnUpdateOrErrorResponseWrapper was created. See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context) method.
Support is also provided for disabling URL rewriting

Since:

3.0

Field Summary
- Fields inherited from interface javax.servlet.http.HttpServletResponse
  SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

Constructor Summary

Constructors
Constructor and Description
`SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`disableSaveOnResponseCommitted()` Invoke this method to disable automatic saving of the `SecurityContext` when the `HttpServletResponse` is committed.
`String`	`encodeRedirectUrl(String url)`
`String`	`encodeRedirectURL(String url)`
`String`	`encodeUrl(String url)`
`String`	`encodeURL(String url)`
`void`	`flushBuffer()` Makes sure the context is stored before calling the superclass `flushBuffer()`
`javax.servlet.ServletOutputStream`	`getOutputStream()` Makes sure the context is stored before calling `getOutputStream().close()` or `getOutputStream().flush()`
`PrintWriter`	`getWriter()` Makes sure the context is stored before calling `getWriter().close()` or `getWriter().flush()`
`boolean`	`isContextSaved()` Tells if the response wrapper has called `saveContext()` because of this wrapper.
`protected abstract void`	`saveContext(SecurityContext context)` Implements the logic for storing the security context.
`void`	`sendError(int sc)` Makes sure the session is updated before calling the superclass `sendError()`
`void`	`sendError(int sc, String msg)` Makes sure the session is updated before calling the superclass `sendError()`
`void`	`sendRedirect(String location)` Makes sure the context is stored before calling the superclass `sendRedirect()`

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, setDateHeader, setHeader, setIntHeader, setStatus, setStatus

Methods inherited from class javax.servlet.ServletResponseWrapper
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale, setResponse

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletResponse
getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale

- Constructor Detail
  - SaveContextOnUpdateOrErrorResponseWrapper
```
public SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
                                         boolean disableUrlRewriting)
```
    Parameters:
    response - the response to be wrapped
    disableUrlRewriting - turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.
- Method Detail
  - disableSaveOnResponseCommitted
```
public void disableSaveOnResponseCommitted()
```
    Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. This can be useful in the event that Async Web Requests are made which may no longer contain the SecurityContext on it.
  - saveContext
```
protected abstract void saveContext(SecurityContext context)
```
    Implements the logic for storing the security context.
    
    Parameters:
    context - the SecurityContext instance to store
  - sendError
```
public final void sendError(int sc)
                     throws IOException
```
    Makes sure the session is updated before calling the superclass sendError()
    
    Specified by:
    
    sendError in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    sendError in class javax.servlet.http.HttpServletResponseWrapper
    
    Throws:
    
    IOException
  - sendError
```
public final void sendError(int sc,
             String msg)
                     throws IOException
```
    Makes sure the session is updated before calling the superclass sendError()
    
    Specified by:
    
    sendError in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    sendError in class javax.servlet.http.HttpServletResponseWrapper
    
    Throws:
    
    IOException
  - sendRedirect
```
public final void sendRedirect(String location)
                        throws IOException
```
    Makes sure the context is stored before calling the superclass sendRedirect()
    
    Specified by:
    
    sendRedirect in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    sendRedirect in class javax.servlet.http.HttpServletResponseWrapper
    
    Throws:
    
    IOException
  - getOutputStream
```
public javax.servlet.ServletOutputStream getOutputStream()
                                                  throws IOException
```
    Makes sure the context is stored before calling getOutputStream().close() or getOutputStream().flush()
    
    Specified by:
    
    getOutputStream in interface javax.servlet.ServletResponse
    
    Overrides:
    
    getOutputStream in class javax.servlet.ServletResponseWrapper
    
    Throws:
    
    IOException
  - getWriter
```
public PrintWriter getWriter()
                      throws IOException
```
    Makes sure the context is stored before calling getWriter().close() or getWriter().flush()
    
    Specified by:
    
    getWriter in interface javax.servlet.ServletResponse
    
    Overrides:
    
    getWriter in class javax.servlet.ServletResponseWrapper
    
    Throws:
    
    IOException
  - flushBuffer
```
public void flushBuffer()
                 throws IOException
```
    Makes sure the context is stored before calling the superclass flushBuffer()
    
    Specified by:
    
    flushBuffer in interface javax.servlet.ServletResponse
    
    Overrides:
    
    flushBuffer in class javax.servlet.ServletResponseWrapper
    
    Throws:
    
    IOException
  - encodeRedirectUrl
```
public final String encodeRedirectUrl(String url)
```
    Specified by:
    
    encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper
  - encodeRedirectURL
```
public final String encodeRedirectURL(String url)
```
    Specified by:
    
    encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper
  - encodeUrl
```
public final String encodeUrl(String url)
```
    Specified by:
    
    encodeUrl in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    encodeUrl in class javax.servlet.http.HttpServletResponseWrapper
  - encodeURL
```
public final String encodeURL(String url)
```
    Specified by:
    
    encodeURL in interface javax.servlet.http.HttpServletResponse
    
    Overrides:
    
    encodeURL in class javax.servlet.http.HttpServletResponseWrapper
  - isContextSaved
```
public final boolean isContextSaved()
```
    Tells if the response wrapper has called saveContext() because of this wrapper.

Class SaveContextOnUpdateOrErrorResponseWrapper

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletResponse

Constructor Summary

Method Summary

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

Methods inherited from class javax.servlet.ServletResponseWrapper

Methods inherited from class java.lang.Object

Methods inherited from interface javax.servlet.ServletResponse

Constructor Detail

SaveContextOnUpdateOrErrorResponseWrapper

Method Detail

disableSaveOnResponseCommitted

saveContext

sendError

sendError

sendRedirect

getOutputStream

getWriter

flushBuffer

encodeRedirectUrl

encodeRedirectURL

encodeUrl

encodeURL

isContextSaved