public class SecurityContextPersistenceFilter extends GenericFilterBean
SecurityContextHolder
with information obtained from
the configured SecurityContextRepository
prior to the request and stores it back in the repository
once the request has completed and clearing the context holder. By default it uses an
HttpSessionSecurityContextRepository
. See this class for information HttpSession related
configuration options.
This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms
(e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder
to contain a valid
SecurityContext
by the time they execute.
This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is always available before
the filter chain executes (the default is false
, as this is resource intensive and not recommended).
logger
Constructor and Description |
---|
SecurityContextPersistenceFilter() |
SecurityContextPersistenceFilter(SecurityContextRepository repo) |
Modifier and Type | Method and Description |
---|---|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setForceEagerSessionCreation(boolean forceEagerSessionCreation) |
void |
setSecurityContextRepository(SecurityContextRepository repo)
Deprecated.
Use constructor injection
|
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
public SecurityContextPersistenceFilter()
public SecurityContextPersistenceFilter(SecurityContextRepository repo)
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
@Deprecated public void setSecurityContextRepository(SecurityContextRepository repo)
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)