Package org.springframework.security.web.servletapi

Class SecurityContextHolderAwareRequestWrapper

  • All Implemented Interfaces:
    javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest
    public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper
    A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:
    See Also:
    SecurityContextHolderAwareRequestFilter

    • Field Summary

      • Fields inherited from interface javax.servlet.http.HttpServletRequest

        BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String getRemoteUser()
      Returns the principal's name, as obtained from the SecurityContextHolder.
      java.security.Principal getUserPrincipal()
      Returns the Authentication (which is a subclass of Principal), or null if unavailable.
      boolean isUserInRole​(java.lang.String role)
      Simple searches for an exactly matching GrantedAuthority.getAuthority().
      void setSecurityContextHolderStrategy​(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use.
      java.lang.String toString()  

      • Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

        authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, login, logout, newPushBuilder, upgrade

      • Methods inherited from class javax.servlet.ServletRequestWrapper

        getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

      • Methods inherited from interface javax.servlet.ServletRequest

        getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

    • Constructor Detail

      • SecurityContextHolderAwareRequestWrapper

        public SecurityContextHolderAwareRequestWrapper​(javax.servlet.http.HttpServletRequest request,
                                                java.lang.String rolePrefix)
        Creates a new instance with AuthenticationTrustResolverImpl.
        Parameters:
        request -
        rolePrefix -

      • SecurityContextHolderAwareRequestWrapper

        public SecurityContextHolderAwareRequestWrapper​(javax.servlet.http.HttpServletRequest request,
                                                AuthenticationTrustResolver trustResolver,
                                                java.lang.String rolePrefix)
        Creates a new instance
        Parameters:
        request - the original HttpServletRequest
        trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
        rolePrefix - The prefix to be added to isUserInRole(String) or null if no prefix.

    • Method Detail

      • getRemoteUser

        public java.lang.String getRemoteUser()
        Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.
        Specified by:
        getRemoteUser in interface javax.servlet.http.HttpServletRequest
        Overrides:
        getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper
        Returns:
        the username or null if unavailable

      • getUserPrincipal

        public java.security.Principal getUserPrincipal()
        Returns the Authentication (which is a subclass of Principal), or null if unavailable.
        Specified by:
        getUserPrincipal in interface javax.servlet.http.HttpServletRequest
        Overrides:
        getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper
        Returns:
        the Authentication, or null

      • isUserInRole

        public boolean isUserInRole​(java.lang.String role)
        Simple searches for an exactly matching GrantedAuthority.getAuthority().

        Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

        Specified by:
        isUserInRole in interface javax.servlet.http.HttpServletRequest
        Overrides:
        isUserInRole in class javax.servlet.http.HttpServletRequestWrapper
        Parameters:
        role - the GrantedAuthorityString representation to check for
        Returns:
        true if an exact (case sensitive) matching granted authority is located, false otherwise

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object