Class SecurityContextHolder
Associates a given SecurityContext with the current execution thread.
This class provides a series of static methods that delegate to an instance of SecurityContextHolderStrategy. The purpose of the class is to provide a convenient way to specify the strategy that should be used for a given JVM. This is a JVM-wide setting, since everything in this class is static to facilitate ease of use in calling code.

To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the three valid MODE_ settings defined as static final fields, or a fully qualified classname to a concrete implementation of SecurityContextHolderStrategy that provides a public no-argument constructor.

There are two ways to specify the desired strategy mode String. The first is to specify it via the system property keyed on SYSTEM_PROPERTY. The second is to call setStrategyName(String) before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL, which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL is definitely inappropriate for server use).
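An added example (not taken from the Spring Security documentation or code base) of what the default MODE_THREADLOCAL implies on a server: the context stays attached to the worker thread, so a pooled thread that is reused without clearContext() presents the previous caller's Authentication to the next task. The class and helper names and the users alice and bob are constructed for illustration, and the default strategy is assumed to be in effect.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Constructed demo class; requires spring-security-core on the classpath.
public class PooledThreadContextDemo {
    // Runs one unit of work as `user` on the pool. `clear` decides whether the
    // worker thread's context is removed once the work is done.
    static void runAs(ExecutorService pool, String user, boolean clear) throws Exception {
        pool.submit(() -> {
            // Start from a new empty context rather than mutating a shared one.
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(new TestingAuthenticationToken(user, "n/a", "ROLE_USER"));
            SecurityContextHolder.setContext(context);
            try {
                // ... work that reads SecurityContextHolder.getContext() ...
            } finally {
                if (clear) {
                    SecurityContextHolder.clearContext();
                }
            }
        }).get();
    }

    // Returns the principal name that a later, unauthenticated task finds on the
    // same worker thread, or null when the thread carries no Authentication.
    static String principalSeenByNextTask(ExecutorService pool) throws Exception {
        return pool.submit(() -> {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            return auth == null ? null : auth.getName();
        }).get();
    }

    public static void main(String[] args) throws Exception {
        // A single worker forces thread reuse, as a busy server pool would.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            runAs(pool, "alice", false); // context left on the thread
            System.out.println("after uncleared task: " + principalSeenByNextTask(pool));
            runAs(pool, "bob", true);    // context cleared in finally
            System.out.println("after cleared task:   " + principalSeenByNextTask(pool));
        } finally {
            pool.shutdown();
        }
    }
}
```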
Method Summary
Modifier and Type | Method | Description
static void | clearContext() | Explicitly clears the context value from the current thread.
static SecurityContext | createEmptyContext() | Delegates the creation of a new, empty context to the configured strategy.
static SecurityContext | getContext() | Obtain the current SecurityContext.
static SecurityContextHolderStrategy | getContextHolderStrategy() | Allows retrieval of the context strategy.
static int | getInitializeCount() | Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
static void | setContext(SecurityContext context) | Associates a new SecurityContext with the current thread of execution.
static void | setContextHolderStrategy(SecurityContextHolderStrategy strategy) | Use this SecurityContextHolderStrategy.
static void | setStrategyName(String strategyName) | Changes the preferred strategy.
String | toString() |
Field Details
MODE_THREADLOCAL
MODE_INHERITABLETHREADLOCAL
MODE_GLOBAL
SYSTEM_PROPERTY
Constructor Details
SecurityContextHolder
public SecurityContextHolder()
Method Details

clearContext
public static void clearContext()
Explicitly clears the context value from the current thread.

getContext
Obtain the current SecurityContext.
Returns:
    the security context (never null)

getInitializeCount
public static int getInitializeCount()
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
Returns:
    the count (should be one unless you've called setStrategyName(String) or setContextHolderStrategy(SecurityContextHolderStrategy) to switch to an alternate strategy).

setContext
Associates a new SecurityContext with the current thread of execution.
Parameters:
    context - the new SecurityContext (may not be null)

setStrategyName
Changes the preferred strategy. Do NOT call this method more than once for a given JVM, as it will re-initialize the strategy and adversely affect any existing threads using the old strategy.
Parameters:
    strategyName - the fully qualified class name of the strategy that should be used.

setContextHolderStrategy
Use this SecurityContextHolderStrategy. Call either setStrategyName(String) or this method, but not both. This method is not thread safe. Changing the strategy while requests are in-flight may cause race conditions.
SecurityContextHolder maintains a static reference to the provided SecurityContextHolderStrategy. This means that the strategy and its members will not be garbage collected until you remove your strategy. To ensure garbage collection, remember the original strategy like so:
    SecurityContextHolderStrategy original = SecurityContextHolder.getContextHolderStrategy();
    SecurityContextHolder.setContextHolderStrategy(myStrategy);
And then when you are ready for myStrategy to be garbage collected you can do:
    SecurityContextHolder.setContextHolderStrategy(original);
Parameters:
    strategy - the SecurityContextHolderStrategy to use
Since:
    5.6

getContextHolderStrategy
Allows retrieval of the context strategy. See SEC-1188.
Returns:
    the configured strategy for storing the security context.

createEmptyContext
Delegates the creation of a new, empty context to the configured strategy.

toString