Class WebSessionServerSecurityContextRepository
- java.lang.Object
-
- org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
- All Implemented Interfaces:
ServerSecurityContextRepository
public class WebSessionServerSecurityContextRepository extends java.lang.Object implements ServerSecurityContextRepository
Stores theSecurityContext
in theWebSession
. When aSecurityContext
is saved, the session id is changed to prevent session fixation attacks.- Since:
- 5.0
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load theSecurityContext
-
Constructor Summary
Constructors Constructor Description WebSessionServerSecurityContextRepository()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description reactor.core.publisher.Mono<SecurityContext>
load(org.springframework.web.server.ServerWebExchange exchange)
Loads the SecurityContext associated with theServerWebExchange
reactor.core.publisher.Mono<java.lang.Void>
save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
Saves the SecurityContextvoid
setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
Sets the session attribute name used to save and load theSecurityContext
-
-
-
Field Detail
-
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
public static final java.lang.String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load theSecurityContext
- See Also:
- Constant Field Values
-
-
Method Detail
-
setSpringSecurityContextAttrName
public void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
Sets the session attribute name used to save and load theSecurityContext
- Parameters:
springSecurityContextAttrName
- the session attribute name to use to save and load theSecurityContext
-
save
public reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
Description copied from interface:ServerSecurityContextRepository
Saves the SecurityContext- Specified by:
save
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to associate to the SecurityContextcontext
- the SecurityContext to save- Returns:
- a completion notification (success or error)
-
load
public reactor.core.publisher.Mono<SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
Description copied from interface:ServerSecurityContextRepository
Loads the SecurityContext associated with theServerWebExchange
- Specified by:
load
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to look up theSecurityContext
- Returns:
- the
SecurityContext
to lookup or empty if not found. Never null
-
-