Package org.springframework.security.web.servletapi

Class SecurityContextHolderAwareRequestFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SecurityContextHolderAwareRequestFilter
extends org.springframework.web.filter.GenericFilterBean

A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:

• HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are authenticated and if not send the user to the login page. See setAuthenticationEntryPoint(AuthenticationEntryPoint).
• HttpServletRequest.login(String, String) - Allows the user to authenticate using the AuthenticationManager. See setAuthenticationManager(AuthenticationManager).
• HttpServletRequest.logout() - Allows the user to logout using the LogoutHandlers configured in Spring Security. See setLogoutHandlers(List).
• AsyncContext.start(Runnable) - Automatically copy the SecurityContext from the SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread that processes the Runnable.

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
SecurityContextHolderAwareRequestFilter()

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()
void	doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain)
void	setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)	Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.
void	setAuthenticationManager(AuthenticationManager authenticationManager)	Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.
void	setLogoutHandlers(List<LogoutHandler> logoutHandlers)	Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.
void	setRolePrefix(String rolePrefix)
void	setTrustResolver(AuthenticationTrustResolver trustResolver)	Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityContextHolderAwareRequestFilter

public SecurityContextHolderAwareRequestFilter()

Method Details

setRolePrefix

public void setRolePrefix(String rolePrefix)

setAuthenticationEntryPoint

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.

If the value is null (default), then the default container behavior will be be retained when invoking HttpServletRequest.authenticate(HttpServletResponse) .

Parameters:

authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)

Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.

If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).

Parameters:

authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)

setLogoutHandlers

public void setLogoutHandlers(List<LogoutHandler> logoutHandlers)

Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs. Specifically it will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.

If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().

Parameters:

logoutHandlers - the List<LogoutHandler>s when invoking HttpServletRequest.logout().

doFilter

public void doFilter(jakarta.servlet.ServletRequest req,
 jakarta.servlet.ServletResponse res,
 jakarta.servlet.FilterChain chain)
              throws IOException,
jakarta.servlet.ServletException

Throws:

IOException

jakarta.servlet.ServletException

afterPropertiesSet

public void afterPropertiesSet()
                        throws jakarta.servlet.ServletException

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

Throws:

jakarta.servlet.ServletException

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use. Cannot be null.