Package org.springframework.security.web.context

Class SecurityContextHolderFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.web.context.SecurityContextHolderFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SecurityContextHolderFilter
extends org.springframework.web.filter.OncePerRequestFilter

A Filter that uses the SecurityContextRepository to obtain the SecurityContext and set it on the SecurityContextHolder. This is similar to SecurityContextPersistenceFilter except that the SecurityContextRepository.saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) must be explicitly invoked to save the SecurityContext. This improves the efficiency and provides better flexibility by allowing different authentication mechanisms to choose individually if authentication should be persisted.

Since:

5.7

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
SecurityContextHolderFilter(SecurityContextRepository securityContextRepository)	Creates a new instance.

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
void	setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch)	Disables SecurityContextHolderFilter for error dispatch.
protected boolean	shouldNotFilterErrorDispatch()

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityContextHolderFilter

public SecurityContextHolderFilter(SecurityContextRepository securityContextRepository)

Creates a new instance.

Parameters:

securityContextRepository - the repository to use. Cannot be null.

Method Details

doFilterInternal

protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain filterChain)
                         throws jakarta.servlet.ServletException,
IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

jakarta.servlet.ServletException

IOException

shouldNotFilterErrorDispatch

protected boolean shouldNotFilterErrorDispatch()

Overrides:

shouldNotFilterErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

setShouldNotFilterErrorDispatch

public void setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch)

Disables SecurityContextHolderFilter for error dispatch.

Parameters:

shouldNotFilterErrorDispatch - if the Filter should be disabled for error dispatch. Default is false.