Class WebSessionServerSecurityContextRepository
- java.lang.Object
-
- org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
- All Implemented Interfaces:
ServerSecurityContextRepository
public class WebSessionServerSecurityContextRepository extends java.lang.Object implements ServerSecurityContextRepository
Stores theSecurityContext
in theWebSession
. When aSecurityContext
is saved, the session id is changed to prevent session fixation attacks.- Since:
- 5.0
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load theSecurityContext
-
Constructor Summary
Constructors Constructor Description WebSessionServerSecurityContextRepository()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description reactor.core.publisher.Mono<SecurityContext>
load(org.springframework.web.server.ServerWebExchange exchange)
Loads the SecurityContext associated with theServerWebExchange
reactor.core.publisher.Mono<java.lang.Void>
save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
Saves the SecurityContextvoid
setCacheSecurityContext(boolean cacheSecurityContext)
If set to true the result ofload(ServerWebExchange)
will useMono.cache()
to prevent multiple lookups.void
setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
Sets the session attribute name used to save and load theSecurityContext
-
-
-
Field Detail
-
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
public static final java.lang.String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load theSecurityContext
- See Also:
- Constant Field Values
-
-
Method Detail
-
setSpringSecurityContextAttrName
public void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
Sets the session attribute name used to save and load theSecurityContext
- Parameters:
springSecurityContextAttrName
- the session attribute name to use to save and load theSecurityContext
-
setCacheSecurityContext
public void setCacheSecurityContext(boolean cacheSecurityContext)
If set to true the result ofload(ServerWebExchange)
will useMono.cache()
to prevent multiple lookups.- Parameters:
cacheSecurityContext
- true ifMono.cache()
should be used, else false.
-
save
public reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
Description copied from interface:ServerSecurityContextRepository
Saves the SecurityContext- Specified by:
save
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to associate to the SecurityContextcontext
- the SecurityContext to save- Returns:
- a completion notification (success or error)
-
load
public reactor.core.publisher.Mono<SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
Description copied from interface:ServerSecurityContextRepository
Loads the SecurityContext associated with theServerWebExchange
- Specified by:
load
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to look up theSecurityContext
- Returns:
- the
SecurityContext
to lookup or empty if not found. Never null
-
-