Class SaveContextOnUpdateOrErrorResponseWrapper
- java.lang.Object
  - javax.servlet.ServletResponseWrapper
    - javax.servlet.http.HttpServletResponseWrapper
      - org.springframework.security.web.util.OnCommittedResponseWrapper
        - org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends OnCommittedResponseWrapper
Base class for response wrappers which encapsulate the logic for storing a security context and which store the SecurityContext when a sendError(), sendRedirect, getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or getWriter().flush() happens on the same thread that this SaveContextOnUpdateOrErrorResponseWrapper was created on. See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context) method.
Support is also provided for disabling URL rewriting.
Since: 3.0
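A minimal subclass showing the contract described above, as an added example that is not part of the Spring Security documentation or code base. The class name SessionSavingResponseWrapper, the session attribute key and the saveIfNotAlreadySaved helper are assumptions made for illustration; it passes disableUrlRewriting=true so the session identifier is never appended to URLs.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;

// Hypothetical subclass (not Spring Security's own): stores the context in the HTTP session.
public class SessionSavingResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {

    // Constructed attribute key, used only by this example.
    static final String CONTEXT_KEY = "EXAMPLE_SECURITY_CONTEXT";

    private final HttpServletRequest request;

    public SessionSavingResponseWrapper(HttpServletRequest request, HttpServletResponse response) {
        // disableUrlRewriting = true: the final encodeURL/encodeRedirectURL methods
        // become null operations, so no session identifier is added as a URL parameter.
        super(response, true);
        this.request = request;
    }

    // Invoked by the base class when sendError(), sendRedirect(), or a flush/close of
    // the output stream or writer is about to commit the response.
    @Override
    protected void saveContext(SecurityContext context) {
        if (context.getAuthentication() == null) {
            // Nothing to persist: drop any stale copy, but do not create a session for it.
            HttpSession existing = request.getSession(false);
            if (existing != null) {
                existing.removeAttribute(CONTEXT_KEY);
            }
            return;
        }
        request.getSession(true).setAttribute(CONTEXT_KEY, context);
    }

    // Call from the owning filter once request processing ends: persists the context
    // only if an earlier commit on this wrapper has not already saved it.
    public void saveIfNotAlreadySaved(SecurityContext context) {
        if (!isContextSaved()) {
            saveContext(context);
        }
    }
}
```

If the request is handed off to async processing, calling disableSaveOnResponseCommitted() on the wrapper stops the commit-time save, and the explicit saveIfNotAlreadySaved call becomes the only point where the context is persisted.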
Field Summary
Fields inherited from interface javax.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
Constructor Summary
Constructors:
- SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
Method Summary
Methods (modifier and type, method, description):
- void disableSaveOnResponseCommitted(): Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.
- java.lang.String encodeRedirectUrl(java.lang.String url)
- java.lang.String encodeRedirectURL(java.lang.String url)
- java.lang.String encodeUrl(java.lang.String url)
- java.lang.String encodeURL(java.lang.String url)
- boolean isContextSaved(): Tells if the response wrapper has called saveContext() because of this wrapper.
- protected void onResponseCommitted(): Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
- protected abstract void saveContext(SecurityContext context): Implements the logic for storing the security context.
Methods inherited from class org.springframework.security.web.util.OnCommittedResponseWrapper
addHeader, disableOnResponseCommitted, flushBuffer, getOutputStream, getWriter, isDisableOnResponseCommitted, sendError, sendError, sendRedirect, setContentLength, setContentLengthLong
Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields
Methods inherited from class javax.servlet.ServletResponseWrapper
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale, setResponse
Constructor Detail
SaveContextOnUpdateOrErrorResponseWrapper
public SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
Parameters:
- response - the response to be wrapped
- disableUrlRewriting - turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.
Method Detail
disableSaveOnResponseCommitted
public void disableSaveOnResponseCommitted()
Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. This can be useful when Async Web Requests are made, which may no longer contain the SecurityContext.
saveContext
protected abstract void saveContext(SecurityContext context)
Implements the logic for storing the security context.
Parameters:
- context - the SecurityContext instance to store
onResponseCommitted
protected void onResponseCommitted()
Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
Specified by:
- onResponseCommitted in class OnCommittedResponseWrapper
encodeRedirectUrl
public final java.lang.String encodeRedirectUrl(java.lang.String url)
Specified by:
- encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
Overrides:
- encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper
encodeRedirectURL
public final java.lang.String encodeRedirectURL(java.lang.String url)
Specified by:
- encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
Overrides:
- encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper
encodeUrl
public final java.lang.String encodeUrl(java.lang.String url)
Specified by:
- encodeUrl in interface javax.servlet.http.HttpServletResponse
Overrides:
- encodeUrl in class javax.servlet.http.HttpServletResponseWrapper
encodeURL
public final java.lang.String encodeURL(java.lang.String url)
Specified by:
- encodeURL in interface javax.servlet.http.HttpServletResponse
Overrides:
- encodeURL in class javax.servlet.http.HttpServletResponseWrapper
isContextSaved
public final boolean isContextSaved()
Tells if the response wrapper has called saveContext() because of this wrapper.