Class SecurityContextPersistenceFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.context.SecurityContextPersistenceFilter
-
- All Implemented Interfaces:
javax.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
@Deprecated public class SecurityContextPersistenceFilter extends org.springframework.web.filter.GenericFilterBeanDeprecated.Populates theSecurityContextHolderwith information obtained from the configuredSecurityContextRepositoryprior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses anHttpSessionSecurityContextRepository. See this class for information HttpSession related configuration options.This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the
SecurityContextHolderto contain a validSecurityContextby the time they execute.This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is
false, as this is resource intensive and not recommended).- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description SecurityContextPersistenceFilter()Deprecated.SecurityContextPersistenceFilter(SecurityContextRepository repo)Deprecated.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)Deprecated.voidsetForceEagerSessionCreation(boolean forceEagerSessionCreation)Deprecated.voidsetSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)Deprecated.Sets theSecurityContextHolderStrategyto use.
-
-
-
Constructor Detail
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter()
Deprecated.
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter(SecurityContextRepository repo)
Deprecated.
-
-
Method Detail
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletExceptionDeprecated.- Throws:
java.io.IOExceptionjavax.servlet.ServletException
-
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
Deprecated.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Deprecated.Sets theSecurityContextHolderStrategyto use. The default action is to use theSecurityContextHolderStrategystored inSecurityContextHolder.- Since:
- 5.8
-
-