public class WebSessionServerSecurityContextRepository extends java.lang.Object implements ServerSecurityContextRepository
SecurityContext
in the
WebSession
. When a SecurityContext
is
saved, the session id is changed to prevent session fixation attacks.Modifier and Type | Field and Description |
---|---|
static java.lang.String |
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load the
SecurityContext |
Constructor and Description |
---|
WebSessionServerSecurityContextRepository() |
Modifier and Type | Method and Description |
---|---|
reactor.core.publisher.Mono<SecurityContext> |
load(org.springframework.web.server.ServerWebExchange exchange)
Loads the SecurityContext associated with the
ServerWebExchange |
reactor.core.publisher.Mono<java.lang.Void> |
save(org.springframework.web.server.ServerWebExchange exchange,
SecurityContext context)
Saves the SecurityContext
|
void |
setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
Sets the session attribute name used to save and load the
SecurityContext |
public static final java.lang.String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
SecurityContext
public WebSessionServerSecurityContextRepository()
public void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
SecurityContext
springSecurityContextAttrName
- the session attribute name to use to save and
load the SecurityContext
public reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
ServerSecurityContextRepository
save
in interface ServerSecurityContextRepository
exchange
- the exchange to associate to the SecurityContextcontext
- the SecurityContext to savepublic reactor.core.publisher.Mono<SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
ServerSecurityContextRepository
ServerWebExchange
load
in interface ServerSecurityContextRepository
exchange
- the exchange to look up the SecurityContext
SecurityContext
to lookup or empty if not found. Never null