public class SecurityContextPersistenceFilter
extends org.springframework.web.filter.GenericFilterBean
SecurityContextHolder
with information obtained from the
configured SecurityContextRepository
prior to the request and stores it back in
the repository once the request has completed and clearing the context holder. By
default it uses an HttpSessionSecurityContextRepository
. See this class for
information HttpSession related configuration options.
This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms.
Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect
the SecurityContextHolder
to contain a valid SecurityContext
by the time they execute.
This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is
always available before the filter chain executes (the default is false
,
as this is resource intensive and not recommended).
Constructor and Description |
---|
SecurityContextPersistenceFilter() |
SecurityContextPersistenceFilter(SecurityContextRepository repo) |
Modifier and Type | Method and Description |
---|---|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setForceEagerSessionCreation(boolean forceEagerSessionCreation) |
public SecurityContextPersistenceFilter()
public SecurityContextPersistenceFilter(SecurityContextRepository repo)
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
java.io.IOException
javax.servlet.ServletException
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)