public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends OnCommittedResponseWrapper
SecurityContext
when a
sendError()
, sendRedirect
,
getOutputStream().close()
, getOutputStream().flush()
,
getWriter().close()
, or getWriter().flush()
happens on the
same thread that this SaveContextOnUpdateOrErrorResponseWrapper
was created.
See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context)
method.
Support is also provided for disabling URL rewriting
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
Constructor and Description |
---|
SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
boolean disableUrlRewriting) |
Modifier and Type | Method and Description |
---|---|
void |
disableSaveOnResponseCommitted()
Invoke this method to disable automatic saving of the
SecurityContext when
the HttpServletResponse is committed. |
java.lang.String |
encodeRedirectUrl(java.lang.String url) |
java.lang.String |
encodeRedirectURL(java.lang.String url) |
java.lang.String |
encodeUrl(java.lang.String url) |
java.lang.String |
encodeURL(java.lang.String url) |
boolean |
isContextSaved()
Tells if the response wrapper has called
saveContext() because of this
wrapper. |
protected void |
onResponseCommitted()
Calls
saveContext() with the current contents of the
SecurityContextHolder as long as () was not invoked. |
protected abstract void |
saveContext(SecurityContext context)
Implements the logic for storing the security context.
|
addHeader, disableOnResponseCommitted, flushBuffer, getOutputStream, getWriter, isDisableOnResponseCommitted, sendError, sendError, sendRedirect, setContentLength
addCookie, addDateHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLengthLong, setContentType, setLocale, setResponse
public SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
response
- the response to be wrappeddisableUrlRewriting
- turns the URL encoding methods into null operations,
preventing the use of URL rewriting to add the session identifier as a URL
parameter.public void disableSaveOnResponseCommitted()
SecurityContext
when
the HttpServletResponse
is committed. This can be useful in the event that
Async Web Requests are made which may no longer contain the SecurityContext
on it.protected abstract void saveContext(SecurityContext context)
context
- the SecurityContext instance to storeprotected void onResponseCommitted()
saveContext()
with the current contents of the
SecurityContextHolder as long as ()
was not invoked.onResponseCommitted
in class OnCommittedResponseWrapper
public final java.lang.String encodeRedirectUrl(java.lang.String url)
encodeRedirectUrl
in interface javax.servlet.http.HttpServletResponse
encodeRedirectUrl
in class javax.servlet.http.HttpServletResponseWrapper
public final java.lang.String encodeRedirectURL(java.lang.String url)
encodeRedirectURL
in interface javax.servlet.http.HttpServletResponse
encodeRedirectURL
in class javax.servlet.http.HttpServletResponseWrapper
public final java.lang.String encodeUrl(java.lang.String url)
encodeUrl
in interface javax.servlet.http.HttpServletResponse
encodeUrl
in class javax.servlet.http.HttpServletResponseWrapper
public final java.lang.String encodeURL(java.lang.String url)
encodeURL
in interface javax.servlet.http.HttpServletResponse
encodeURL
in class javax.servlet.http.HttpServletResponseWrapper
public final boolean isContextSaved()
saveContext()
because of this
wrapper.