Package org.springframework.security.web.context

Class SaveContextOnUpdateOrErrorResponseWrapper

  • All Implemented Interfaces:
    javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
    @Deprecated
public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends OnCommittedResponseWrapper
    Deprecated.
    Use SecurityContextRepository.loadContext(HttpServletRequest) instead.
    Base class for response wrappers which encapsulate the logic for storing a security context and which store the SecurityContext when a sendError(), sendRedirect, getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or getWriter().flush() happens on the same thread that this SaveContextOnUpdateOrErrorResponseWrapper was created. See issue SEC-398 and SEC-2005.

    Sub-classes should implement the saveContext(SecurityContext context) method.

    Support is also provided for disabling URL rewriting

    Since:
    3.0

    • Field Summary

      • Fields inherited from interface javax.servlet.http.HttpServletResponse

        SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void disableSaveOnResponseCommitted()
      Deprecated.
      Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.
      java.lang.String encodeRedirectUrl​(java.lang.String url)
      Deprecated.
       
      java.lang.String encodeRedirectURL​(java.lang.String url)
      Deprecated.
       
      java.lang.String encodeUrl​(java.lang.String url)
      Deprecated.
       
      java.lang.String encodeURL​(java.lang.String url)
      Deprecated.
       
      boolean isContextSaved()
      Deprecated.
      Tells if the response wrapper has called saveContext() because of this wrapper.
      protected void onResponseCommitted()
      Deprecated.
      Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
      protected abstract void saveContext​(SecurityContext context)
      Deprecated.
      Implements the logic for storing the security context.

      • Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

        addCookie, addDateHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields

      • Methods inherited from class javax.servlet.ServletResponseWrapper

        getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale, setResponse

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

      • Methods inherited from interface javax.servlet.ServletResponse

        getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale

    • Constructor Detail

      • SaveContextOnUpdateOrErrorResponseWrapper

        public SaveContextOnUpdateOrErrorResponseWrapper​(javax.servlet.http.HttpServletResponse response,
                                                 boolean disableUrlRewriting)
        Deprecated.
        Parameters:
        response - the response to be wrapped
        disableUrlRewriting - turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.

    • Method Detail

      • disableSaveOnResponseCommitted

        public void disableSaveOnResponseCommitted()
        Deprecated.
        Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. This can be useful in the event that Async Web Requests are made which may no longer contain the SecurityContext on it.

      • saveContext

        protected abstract void saveContext​(SecurityContext context)
        Deprecated.
        Implements the logic for storing the security context.
        Parameters:
        context - the SecurityContext instance to store

      • onResponseCommitted

        protected void onResponseCommitted()
        Deprecated.
        Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
        Specified by:
        onResponseCommitted in class OnCommittedResponseWrapper

      • encodeRedirectUrl

        public final java.lang.String encodeRedirectUrl​(java.lang.String url)
        Deprecated.
        Specified by:
        encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper

      • encodeRedirectURL

        public final java.lang.String encodeRedirectURL​(java.lang.String url)
        Deprecated.
        Specified by:
        encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper

      • encodeUrl

        public final java.lang.String encodeUrl​(java.lang.String url)
        Deprecated.
        Specified by:
        encodeUrl in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeUrl in class javax.servlet.http.HttpServletResponseWrapper

      • encodeURL

        public final java.lang.String encodeURL​(java.lang.String url)
        Deprecated.
        Specified by:
        encodeURL in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeURL in class javax.servlet.http.HttpServletResponseWrapper

      • isContextSaved

        public final boolean isContextSaved()
        Deprecated.
        Tells if the response wrapper has called saveContext() because of this wrapper.