public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

An HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:
- getUserPrincipal()
- isUserInRole(String)
- HttpServletRequestWrapper.getRemoteUser()

See also: SecurityContextHolderAwareRequestFilter

Constructor and Description |
---|
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, java.lang.String rolePrefix): Creates a new instance. |
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, java.lang.String rolePrefix): Creates a new instance with AuthenticationTrustResolverImpl. |

Modifier and Type | Method and Description |
---|---|
java.lang.String | getRemoteUser(): Returns the principal's name, as obtained from the SecurityContextHolder. |
java.security.Principal | getUserPrincipal(): Returns the Authentication (which is a subclass of Principal), or null if unavailable. |
boolean | isUserInRole(java.lang.String role): Simply searches for an exactly matching GrantedAuthority.getAuthority(). |
java.lang.String | toString() |

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper:
authenticate, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout

Methods inherited from class javax.servlet.ServletRequestWrapper:
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest:
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, java.lang.String rolePrefix)

Creates a new instance with AuthenticationTrustResolverImpl.

Parameters:
request -
rolePrefix -

public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, java.lang.String rolePrefix)

Creates a new instance.

Parameters:
request - the original HttpServletRequest
trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
rolePrefix - The prefix to be added to isUserInRole(String) or null if no prefix.

public java.lang.String getRemoteUser()

Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Specified by: getRemoteUser in interface javax.servlet.http.HttpServletRequest
Overrides: getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper
Returns: null if unavailable

public java.security.Principal getUserPrincipal()

Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Specified by: getUserPrincipal in interface javax.servlet.http.HttpServletRequest
Overrides: getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper
Returns: Authentication, or null

public boolean isUserInRole(java.lang.String role)

Simply searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

Specified by: isUserInRole in interface javax.servlet.http.HttpServletRequest
Overrides: isUserInRole in class javax.servlet.http.HttpServletRequestWrapper
Parameters:
role - the GrantedAuthority String representation to check for
Returns: true if an exact (case sensitive) matching granted authority is located, false otherwise

public java.lang.String toString()

Overrides: toString in class java.lang.Object
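
The rolePrefix handling and exact, case-sensitive matching of isUserInRole(String) described above, shown as an added example that is not part of the original Javadoc or the project's own code. It assumes spring-test's MockHttpServletRequest is on the classpath; the class name RoleCheckExample, the user "alice" and the ROLE_ADMIN authority are constructed for illustration.

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.mock.web.MockHttpServletRequest; // assumption: spring-test is available
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

// Hypothetical demo class; fails loudly if any documented behaviour does not hold.
public class RoleCheckExample {

    static void check(boolean condition, String what) {
        if (!condition) {
            throw new IllegalStateException("Unexpected result: " + what);
        }
    }

    public static void main(String[] args) {
        HttpServletRequest raw = new MockHttpServletRequest();
        // Constructed sample: String-based principal holding one authority.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
        SecurityContextHolder.getContext().setAuthentication(auth);
        try {
            SecurityContextHolderAwareRequestWrapper prefixed =
                    new SecurityContextHolderAwareRequestWrapper(raw, "ROLE_");
            check("alice".equals(prefixed.getRemoteUser()), "remote user is the principal's name");
            check(prefixed.getUserPrincipal() == auth, "user principal is the Authentication");
            // rolePrefix is prepended, then compared exactly with getAuthority().
            check(prefixed.isUserInRole("ADMIN"), "ADMIN matches ROLE_ADMIN via prefix");
            check(!prefixed.isUserInRole("admin"), "match is case sensitive");
            check(!prefixed.isUserInRole("ADMINISTRATOR"), "no partial matches");

            // With a null prefix the caller must pass the full authority string.
            SecurityContextHolderAwareRequestWrapper plain =
                    new SecurityContextHolderAwareRequestWrapper(raw, (String) null);
            check(plain.isUserInRole("ROLE_ADMIN"), "full authority string matches");
            check(!plain.isUserInRole("ADMIN"), "short name fails without a prefix");
        } finally {
            SecurityContextHolder.clearContext();
        }
        // No Authentication in the context: every method denies or returns null.
        SecurityContextHolderAwareRequestWrapper empty =
                new SecurityContextHolderAwareRequestWrapper(raw, "ROLE_");
        check(empty.getRemoteUser() == null, "no remote user");
        check(empty.getUserPrincipal() == null, "no principal");
        check(!empty.isUserInRole("ADMIN"), "no role granted");
    }
}
```

Because the match is exact, a mismatch between the configured rolePrefix and the stored authority strings makes every isUserInRole call return false rather than raising an error, so a check like this is worth keeping in a test suite.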