Class SecurityContextPersistenceFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.context.SecurityContextPersistenceFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class SecurityContextPersistenceFilter extends org.springframework.web.filter.GenericFilterBean
Populates theSecurityContextHolder
with information obtained from the configuredSecurityContextRepository
prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses anHttpSessionSecurityContextRepository
. See this class for information HttpSession related configuration options.This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the
SecurityContextHolder
to contain a validSecurityContext
by the time they execute.This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is
false
, as this is resource intensive and not recommended).- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description SecurityContextPersistenceFilter()
SecurityContextPersistenceFilter(SecurityContextRepository repo)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
void
setForceEagerSessionCreation(boolean forceEagerSessionCreation)
-
-
-
Constructor Detail
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter()
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter(SecurityContextRepository repo)
-
-
Method Detail
-
doFilter
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
-
-