Class SecurityContextHolderAwareRequestFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class SecurityContextHolderAwareRequestFilter extends org.springframework.web.filter.GenericFilterBean
AFilter
which populates theServletRequest
with a request wrapper which implements the servlet API security methods.SecurityContextHolderAwareRequestWrapper
is extended to provide the following additional methods:HttpServletRequest.authenticate(HttpServletResponse)
- Allows the user to determine if they are authenticated and if not send the user to the login page. SeesetAuthenticationEntryPoint(AuthenticationEntryPoint)
.HttpServletRequest.login(String, String)
- Allows the user to authenticate using theAuthenticationManager
. SeesetAuthenticationManager(AuthenticationManager)
.HttpServletRequest.logout()
- Allows the user to logout using theLogoutHandler
s configured in Spring Security. SeesetLogoutHandlers(List)
.AsyncContext.start(Runnable)
- Automatically copy theSecurityContext
from theSecurityContextHolder
found on the Thread that invokedAsyncContext.start(Runnable)
to the Thread that processes theRunnable
.
-
-
Constructor Summary
Constructors Constructor Description SecurityContextHolderAwareRequestFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
void
doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
void
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets theAuthenticationEntryPoint
used when integratingHttpServletRequest
with Servlet 3 APIs.void
setAuthenticationManager(AuthenticationManager authenticationManager)
Sets theAuthenticationManager
used when integratingHttpServletRequest
with Servlet 3 APIs.void
setLogoutHandlers(java.util.List<LogoutHandler> logoutHandlers)
Sets theLogoutHandler
s used when integrating withHttpServletRequest
with Servlet 3 APIs.void
setRolePrefix(java.lang.String rolePrefix)
void
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets theAuthenticationTrustResolver
to be used.
-
-
-
Method Detail
-
setRolePrefix
public void setRolePrefix(java.lang.String rolePrefix)
-
setAuthenticationEntryPoint
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets the
AuthenticationEntryPoint
used when integratingHttpServletRequest
with Servlet 3 APIs. Specifically, it will be used whenHttpServletRequest.authenticate(HttpServletResponse)
is called and the user is not authenticated.If the value is null (default), then the default container behavior will be be retained when invoking
HttpServletRequest.authenticate(HttpServletResponse)
.- Parameters:
authenticationEntryPoint
- theAuthenticationEntryPoint
to use when invokingHttpServletRequest.authenticate(HttpServletResponse)
if the user is not authenticated.
-
setAuthenticationManager
public void setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the
AuthenticationManager
used when integratingHttpServletRequest
with Servlet 3 APIs. Specifically, it will be used whenHttpServletRequest.login(String, String)
is invoked to determine if the user is authenticated.If the value is null (default), then the default container behavior will be retained when invoking
HttpServletRequest.login(String, String)
.- Parameters:
authenticationManager
- theAuthenticationManager
to use when invokingHttpServletRequest.login(String, String)
-
setLogoutHandlers
public void setLogoutHandlers(java.util.List<LogoutHandler> logoutHandlers)
Sets the
LogoutHandler
s used when integrating withHttpServletRequest
with Servlet 3 APIs. Specifically it will be used whenHttpServletRequest.logout()
is invoked in order to log the user out. So long as theLogoutHandler
s do not commit theHttpServletResponse
(expected), then the user is in charge of handling the response.If the value is null (default), the default container behavior will be retained when invoking
HttpServletRequest.logout()
.- Parameters:
logoutHandlers
- theList<LogoutHandler>
s when invokingHttpServletRequest.logout()
.
-
doFilter
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
afterPropertiesSet
public void afterPropertiesSet() throws javax.servlet.ServletException
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classorg.springframework.web.filter.GenericFilterBean
- Throws:
javax.servlet.ServletException
-
setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets theAuthenticationTrustResolver
to be used. The default isAuthenticationTrustResolverImpl
.- Parameters:
trustResolver
- theAuthenticationTrustResolver
to use. Cannot be null.
-
-