Class SaveContextOnUpdateOrErrorResponseWrapper
java.lang.Object
jakarta.servlet.ServletResponseWrapper
jakarta.servlet.http.HttpServletResponseWrapper
org.springframework.security.web.util.OnCommittedResponseWrapper
org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- All Implemented Interfaces:
jakarta.servlet.http.HttpServletResponse, jakarta.servlet.ServletResponse
Base class for response wrappers which encapsulate the logic for storing a security context and which store the SecurityContext when a sendError(), sendRedirect, getOutputStream().close(), getOutputStream().flush(), getWriter().close(), or getWriter().flush() happens on the same thread that this SaveContextOnUpdateOrErrorResponseWrapper was created. See issue SEC-398 and SEC-2005.

Sub-classes should implement the saveContext(SecurityContext context) method.

Support is also provided for disabling URL rewriting.
- Since:
- 3.0
-
Field Summary
Fields inherited from interface jakarta.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| SaveContextOnUpdateOrErrorResponseWrapper(jakarta.servlet.http.HttpServletResponse response, boolean disableUrlRewriting) | |

-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | disableSaveOnResponseCommitted() | Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. |
| final String | encodeRedirectUrl(String url) | |
| final String | encodeRedirectURL(String url) | |
| final String | encodeUrl(String url) | |
| final String | encodeURL(String url) | |
| final boolean | isContextSaved() | Tells if the response wrapper has called saveContext() because of this wrapper. |
| protected void | onResponseCommitted() | Calls saveContext() with the current contents of the SecurityContextHolder as long as disableSaveOnResponseCommitted() was not invoked. |
| protected abstract void | saveContext(SecurityContext context) | Implements the logic for storing the security context. |

Methods inherited from class org.springframework.security.web.util.OnCommittedResponseWrapper
addHeader, disableOnResponseCommitted, flushBuffer, getOutputStream, getWriter, isDisableOnResponseCommitted, sendError, sendError, sendRedirect, setContentLength, setContentLengthLong
Methods inherited from class jakarta.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields
Methods inherited from class jakarta.servlet.ServletResponseWrapper
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale, setResponse
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface jakarta.servlet.ServletResponse
getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale
-
Constructor Details
-
SaveContextOnUpdateOrErrorResponseWrapper
public SaveContextOnUpdateOrErrorResponseWrapper(jakarta.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
- Parameters:
response - the response to be wrapped
disableUrlRewriting - turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.
-
-
Method Details
-
disableSaveOnResponseCommitted
public void disableSaveOnResponseCommitted()
Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed. This can be useful in the event that Async Web Requests are made which may no longer contain the SecurityContext on it.
-
saveContext
protected abstract void saveContext(SecurityContext context)
Implements the logic for storing the security context.
- Parameters:
context - the SecurityContext instance to store
-
onResponseCommitted
protected void onResponseCommitted()
Calls saveContext() with the current contents of the SecurityContextHolder as long as disableSaveOnResponseCommitted() was not invoked.
- Specified by:
onResponseCommitted in class OnCommittedResponseWrapper
-
encodeRedirectUrl
- Specified by:
encodeRedirectUrl in interface jakarta.servlet.http.HttpServletResponse
- Overrides:
encodeRedirectUrl in class jakarta.servlet.http.HttpServletResponseWrapper
-
encodeRedirectURL
- Specified by:
encodeRedirectURL in interface jakarta.servlet.http.HttpServletResponse
- Overrides:
encodeRedirectURL in class jakarta.servlet.http.HttpServletResponseWrapper
-
encodeUrl
- Specified by:
encodeUrl in interface jakarta.servlet.http.HttpServletResponse
- Overrides:
encodeUrl in class jakarta.servlet.http.HttpServletResponseWrapper
-
encodeURL
- Specified by:
encodeURL in interface jakarta.servlet.http.HttpServletResponse
- Overrides:
encodeURL in class jakarta.servlet.http.HttpServletResponseWrapper
-
isContextSaved
public final boolean isContextSaved()
Tells if the response wrapper has called saveContext() because of this wrapper.
-
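A subclass showing how saveContext(SecurityContext context), the disableUrlRewriting constructor flag and isContextSaved() fit together. This is an added example, not code from Spring Security; the class name SessionSavingResponseWrapper, the helper saveIfNotAlreadySaved and the session attribute name are assumptions made for illustration.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;

// Hypothetical subclass: class name, attribute key and helper are example assumptions.
public class SessionSavingResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {

    static final String CONTEXT_ATTR = "EXAMPLE_SECURITY_CONTEXT"; // assumed key
    private final HttpServletRequest request;

    public SessionSavingResponseWrapper(HttpServletRequest request, HttpServletResponse response) {
        // true: the encodeURL/encodeRedirectURL family become no-ops, so the
        // session identifier is never appended to a URL as a parameter.
        super(response, true);
        this.request = request;
    }

    // Invoked by the base class when one of the committing calls happens
    // (sendError, sendRedirect, flush/close of the stream or writer).
    @Override
    protected void saveContext(SecurityContext context) {
        if (context == null || context.getAuthentication() == null) {
            // Nothing authenticated: do not create a session for an empty
            // context, and clear any stale one from an earlier request.
            HttpSession existing = this.request.getSession(false);
            if (existing != null) {
                existing.removeAttribute(CONTEXT_ATTR);
            }
            return;
        }
        this.request.getSession(true).setAttribute(CONTEXT_ATTR, context);
    }

    // Call after the filter chain returns: stores the context only when the
    // commit-time save has not already happened on this wrapper.
    public void saveIfNotAlreadySaved(SecurityContext context) {
        if (!isContextSaved()) {
            saveContext(context);
        }
    }
}
```

Code that hands the request to an async thread can call disableSaveOnResponseCommitted() on the wrapper first, so that a commit on that thread does not store whatever the SecurityContextHolder holds there.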