public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper

An HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:

- getUserPrincipal()
- isUserInRole(String)
- HttpServletRequestWrapper#getRemoteUser()

See also: SecurityContextHolderAwareRequestFilter

Constructor and Description |
---|
SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, AuthenticationTrustResolver trustResolver, java.lang.String rolePrefix): Creates a new instance. |
SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, java.lang.String rolePrefix): Creates a new instance with AuthenticationTrustResolverImpl. |

Modifier and Type | Method and Description |
---|---|
java.lang.String | getRemoteUser(): Returns the principal's name, as obtained from the SecurityContextHolder. |
java.security.Principal | getUserPrincipal(): Returns the Authentication (which is a subclass of Principal), or null if unavailable. |
boolean | isUserInRole(java.lang.String role): Simply searches for an exactly matching GrantedAuthority.getAuthority(). |
java.lang.String | toString() |

public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, java.lang.String rolePrefix)

Creates a new instance with AuthenticationTrustResolverImpl.

Parameters:
request -
rolePrefix -

public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, AuthenticationTrustResolver trustResolver, java.lang.String rolePrefix)

Creates a new instance.

Parameters:
request - the original HttpServletRequest
trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
rolePrefix - The prefix to be added to isUserInRole(String) or null if no prefix.

public java.lang.String getRemoteUser()

Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Returns:
null if unavailable

public java.security.Principal getUserPrincipal()

Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Returns:
the Authentication, or null

public boolean isUserInRole(java.lang.String role)

Simply searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

Parameters:
role - the GrantedAuthority String representation to check for

Returns:
true if an exact (case sensitive) matching granted authority is located, false otherwise

public java.lang.String toString()
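
An added example, not part of the original API documentation or the project's own code: it exercises the wrapper's exact, case-sensitive isUserInRole(String) matching with and without a rolePrefix, plus the empty-context case. It assumes spring-security-web, spring-test (for MockHttpServletRequest) and a servlet API on the classpath; the class name RequestWrapperRoleCheckDemo, the probe helper, the user alice and the authority ROLE_ADMIN are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

public class RequestWrapperRoleCheckDemo {

    // Hypothetical helper: runs the servlet API security methods against whatever
    // Authentication is currently in the SecurityContextHolder and collects the answers.
    static Map<String, Object> probe(String rolePrefix, String... roles) {
        SecurityContextHolderAwareRequestWrapper wrapper =
                new SecurityContextHolderAwareRequestWrapper(new MockHttpServletRequest(), rolePrefix);
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("getRemoteUser()", wrapper.getRemoteUser());
        out.put("getUserPrincipal() present", wrapper.getUserPrincipal() != null);
        for (String role : roles) {
            out.put("isUserInRole(\"" + role + "\")", wrapper.isUserInRole(role));
        }
        return out;
    }

    public static void main(String[] args) {
        try {
            // Case 1: no Authentication in the context (unauthenticated request).
            SecurityContextHolder.clearContext();
            System.out.println("empty context, prefix ROLE_: " + probe("ROLE_", "ADMIN"));

            // Constructed sample identity: String-based principal "alice"
            // holding the single granted authority "ROLE_ADMIN".
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken("alice", "n/a",
                            AuthorityUtils.createAuthorityList("ROLE_ADMIN")));

            // Case 2: rolePrefix "ROLE_" is added to the argument before the exact match.
            System.out.println("alice, prefix ROLE_: " + probe("ROLE_", "ADMIN", "admin", "Admin "));

            // Case 3: null rolePrefix, so the argument is compared as given.
            System.out.println("alice, no prefix: " + probe(null, "ROLE_ADMIN", "ADMIN", "role_admin"));
        } finally {
            // The holder is thread-bound by default; do not leave an identity behind.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Only arguments that equal ROLE_ADMIN character for character once the prefix is applied report true; with an empty context every call reports false or null.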