Class SecurityContextHolderFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.context.SecurityContextHolderFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class SecurityContextHolderFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter
that uses the SecurityContextRepository
to
obtain the SecurityContext
and set it on the SecurityContextHolder
.
This is similar to SecurityContextPersistenceFilter
except that the
SecurityContextRepository.saveContext(SecurityContext, HttpServletRequest, HttpServletResponse)
must be explicitly invoked to save the SecurityContext
. This improves the
efficiency and provides better flexibility by allowing different authentication
mechanisms to choose individually if authentication should be persisted.- Since:
- 5.7
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionSecurityContextHolderFilter
(SecurityContextRepository securityContextRepository) Creates a new instance. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) void
setShouldNotFilterErrorDispatch
(boolean shouldNotFilterErrorDispatch) DisablesSecurityContextHolderFilter
for error dispatch.protected boolean
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
SecurityContextHolderFilter
Creates a new instance.- Parameters:
securityContextRepository
- the repository to use. Cannot be null.
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
shouldNotFilterErrorDispatch
protected boolean shouldNotFilterErrorDispatch()- Overrides:
shouldNotFilterErrorDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
-
setShouldNotFilterErrorDispatch
public void setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch) DisablesSecurityContextHolderFilter
for error dispatch.- Parameters:
shouldNotFilterErrorDispatch
- if the Filter should be disabled for error dispatch. Default is false.
-