Class RequestAttributeSecurityContextRepository

    • Field Detail

      • DEFAULT_REQUEST_ATTR_NAME

        public static final java.lang.String DEFAULT_REQUEST_ATTR_NAME
        The default request attribute name to use.
    • Constructor Detail

      • RequestAttributeSecurityContextRepository

        public RequestAttributeSecurityContextRepository()
        Creates a new instance using DEFAULT_REQUEST_ATTR_NAME.
      • RequestAttributeSecurityContextRepository

        public RequestAttributeSecurityContextRepository​(java.lang.String requestAttributeName)
        Creates a new instance with the specified request attribute name.
        Parameters:
        requestAttributeName - the request attribute name to set to the SecurityContext.
    • Method Detail

      • containsContext

        public boolean containsContext​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: SecurityContextRepository
        Allows the repository to be queried as to whether it contains a security context for the current request.
        Specified by:
        containsContext in interface SecurityContextRepository
        Parameters:
        request - the current request
        Returns:
        true if a context is found for the request, false otherwise
      • loadContext

        public SecurityContext loadContext​(HttpRequestResponseHolder requestResponseHolder)
        Description copied from interface: SecurityContextRepository
        Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.

        The use of the HttpRequestResponseHolder parameter allows implementations to return wrapped versions of the request or response (or both), allowing them to access implementation-specific state for the request. The values obtained from the holder will be passed on to the filter chain and also to the saveContext method when it is finally called to allow implicit saves of the SecurityContext. Implementations may wish to return a subclass of SaveContextOnUpdateOrErrorResponseWrapper as the response object, which guarantees that the context is persisted when an error or redirect occurs. Implementations may allow passing in the original request response to allow explicit saves.

        Specified by:
        loadContext in interface SecurityContextRepository
        Parameters:
        requestResponseHolder - holder for the current request and response for which the context should be loaded.
        Returns:
        The security context which should be used for the current request, never null.
      • loadContext

        public java.util.function.Supplier<SecurityContext> loadContext​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: SecurityContextRepository
        Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.
        Specified by:
        loadContext in interface SecurityContextRepository
        Parameters:
        request - the HttpServletRequest to load the SecurityContext from
        Returns:
        a Supplier that returns the SecurityContext which cannot be null.
      • saveContext

        public void saveContext​(SecurityContext context,
                                javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response)
        Description copied from interface: SecurityContextRepository
        Stores the security context on completion of a request.
        Specified by:
        saveContext in interface SecurityContextRepository
        Parameters:
        context - the non-null context which was obtained from the holder.