Class RequestAttributeSecurityContextRepository
- java.lang.Object
-
- org.springframework.security.web.context.RequestAttributeSecurityContextRepository
-
- All Implemented Interfaces:
SecurityContextRepository
public final class RequestAttributeSecurityContextRepository extends java.lang.Object implements SecurityContextRepository
Stores theSecurityContext
on aServletRequest.setAttribute(String, Object)
so that it can be restored when different dispatch types occur. It will not be available on subsequent requests. UnlikeHttpSessionSecurityContextRepository
this filter has no need to persist theSecurityContext
on the response being committed because theSecurityContext
will not be available for subsequent requests forRequestAttributeSecurityContextRepository
.- Since:
- 5.7
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_REQUEST_ATTR_NAME
The default request attribute name to use.
-
Constructor Summary
Constructors Constructor Description RequestAttributeSecurityContextRepository()
Creates a new instance usingDEFAULT_REQUEST_ATTR_NAME
.RequestAttributeSecurityContextRepository(java.lang.String requestAttributeName)
Creates a new instance with the specified request attribute name.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
containsContext(javax.servlet.http.HttpServletRequest request)
Allows the repository to be queried as to whether it contains a security context for the current request.java.util.function.Supplier<SecurityContext>
loadContext(javax.servlet.http.HttpServletRequest request)
Obtains the security context for the supplied request.SecurityContext
loadContext(HttpRequestResponseHolder requestResponseHolder)
Obtains the security context for the supplied request.void
saveContext(SecurityContext context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Stores the security context on completion of a request.
-
-
-
Constructor Detail
-
RequestAttributeSecurityContextRepository
public RequestAttributeSecurityContextRepository()
Creates a new instance usingDEFAULT_REQUEST_ATTR_NAME
.
-
RequestAttributeSecurityContextRepository
public RequestAttributeSecurityContextRepository(java.lang.String requestAttributeName)
Creates a new instance with the specified request attribute name.- Parameters:
requestAttributeName
- the request attribute name to set to theSecurityContext
.
-
-
Method Detail
-
containsContext
public boolean containsContext(javax.servlet.http.HttpServletRequest request)
Description copied from interface:SecurityContextRepository
Allows the repository to be queried as to whether it contains a security context for the current request.- Specified by:
containsContext
in interfaceSecurityContextRepository
- Parameters:
request
- the current request- Returns:
- true if a context is found for the request, false otherwise
-
loadContext
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder)
Description copied from interface:SecurityContextRepository
Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.The use of the HttpRequestResponseHolder parameter allows implementations to return wrapped versions of the request or response (or both), allowing them to access implementation-specific state for the request. The values obtained from the holder will be passed on to the filter chain and also to the saveContext method when it is finally called to allow implicit saves of the SecurityContext. Implementations may wish to return a subclass of
SaveContextOnUpdateOrErrorResponseWrapper
as the response object, which guarantees that the context is persisted when an error or redirect occurs. Implementations may allow passing in the original request response to allow explicit saves.- Specified by:
loadContext
in interfaceSecurityContextRepository
- Parameters:
requestResponseHolder
- holder for the current request and response for which the context should be loaded.- Returns:
- The security context which should be used for the current request, never null.
-
loadContext
public java.util.function.Supplier<SecurityContext> loadContext(javax.servlet.http.HttpServletRequest request)
Description copied from interface:SecurityContextRepository
Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.- Specified by:
loadContext
in interfaceSecurityContextRepository
- Parameters:
request
- theHttpServletRequest
to load theSecurityContext
from- Returns:
- a
Supplier
that returns theSecurityContext
which cannot be null.
-
saveContext
public void saveContext(SecurityContext context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface:SecurityContextRepository
Stores the security context on completion of a request.- Specified by:
saveContext
in interfaceSecurityContextRepository
- Parameters:
context
- the non-null context which was obtained from the holder.
-
-