Package org.springframework.security.core.context

Class SecurityContextHolder

  • public class SecurityContextHolder
extends java.lang.Object
    Associates a given SecurityContext with the current execution thread.

    This class provides a series of static methods that delegate to an instance of SecurityContextHolderStrategy. The purpose of the class is to provide a convenient way to specify the strategy that should be used for a given JVM. This is a JVM-wide setting, since everything in this class is static to facilitate ease of use in calling code.

    To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the three valid MODE_ settings defined as static final fields, or a fully qualified classname to a concrete implementation of SecurityContextHolderStrategy that provides a public no-argument constructor.

    There are two ways to specify the desired strategy mode String. The first is to specify it via the system property keyed on SYSTEM_PROPERTY. The second is to call setStrategyName(String) before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL, which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL is definitely inappropriate for server use).

    • Constructor Detail

      • SecurityContextHolder

        public SecurityContextHolder()

    • Method Detail

      • clearContext

        public static void clearContext()
        Explicitly clears the context value from the current thread.

      • getContext

        public static SecurityContext getContext()
        Obtain the current SecurityContext.
        Returns:
        the security context (never null)

      • getInitializeCount

        public static int getInitializeCount()
        Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
        Returns:
        the count (should be one unless you've called setStrategyName(String) to switch to an alternate strategy.

      • setContext

        public static void setContext​(SecurityContext context)
        Associates a new SecurityContext with the current thread of execution.
        Parameters:
        context - the new SecurityContext (may not be null)

      • setStrategyName

        public static void setStrategyName​(java.lang.String strategyName)
        Changes the preferred strategy. Do NOT call this method more than once for a given JVM, as it will re-initialize the strategy and adversely affect any existing threads using the old strategy.
        Parameters:
        strategyName - the fully qualified class name of the strategy that should be used.

      • getContextHolderStrategy

        public static SecurityContextHolderStrategy getContextHolderStrategy()
        Allows retrieval of the context strategy. See SEC-1188.
        Returns:
        the configured strategy for storing the security context.

      • createEmptyContext

        public static SecurityContext createEmptyContext()
        Delegates the creation of a new, empty context to the configured strategy.

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object