Class SecurityContextHolderAwareRequestWrapper
java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- All Implemented Interfaces: jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest
public class SecurityContextHolderAwareRequestWrapper
extends jakarta.servlet.http.HttpServletRequestWrapper
A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:
- getUserPrincipal()
- isUserInRole(String)
- HttpServletRequestWrapper.getRemoteUser()
-
Field Summary
Fields inherited from interface jakarta.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
-
Constructor Summary
Constructor: Description
- SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix): Creates a new instance with AuthenticationTrustResolverImpl.
- SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix): Creates a new instance
-
Method Summary
Modifier and Type, Method: Description
- getRemoteUser(): Returns the principal's name, as obtained from the SecurityContextHolder.
- getUserPrincipal(): Returns the Authentication (which is a subclass of Principal), or null if unavailable.
- boolean isUserInRole(String role): Simple searches for an exactly matching GrantedAuthority.getAuthority().
- void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy): Sets the SecurityContextHolderStrategy to use.
- toString()
Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, login, logout, newPushBuilder, upgrade
Methods inherited from class jakarta.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface jakarta.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
-
Constructor Details
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix)
Creates a new instance with AuthenticationTrustResolverImpl.
- Parameters:
request -
rolePrefix -
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix)
Creates a new instance
- Parameters:
request - the original HttpServletRequest
trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
rolePrefix - The prefix to be added to isUserInRole(String) or null if no prefix.
-
-
Method Details
-
getRemoteUser
Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.
- Specified by: getRemoteUser in interface jakarta.servlet.http.HttpServletRequest
- Overrides: getRemoteUser in class jakarta.servlet.http.HttpServletRequestWrapper
- Returns: the username or null if unavailable
-
getUserPrincipal
Returns the Authentication (which is a subclass of Principal), or null if unavailable.
- Specified by: getUserPrincipal in interface jakarta.servlet.http.HttpServletRequest
- Overrides: getUserPrincipal in class jakarta.servlet.http.HttpServletRequestWrapper
- Returns: the Authentication, or null
-
isUserInRole
Simple searches for an exactly matching GrantedAuthority.getAuthority().
Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.
- Specified by: isUserInRole in interface jakarta.servlet.http.HttpServletRequest
- Overrides: isUserInRole in class jakarta.servlet.http.HttpServletRequestWrapper
- Parameters:
role - the GrantedAuthority String representation to check for
- Returns: true if an exact (case sensitive) matching granted authority is located, false otherwise
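The following is an added example, not part of the Spring Security documentation or code base: it shows how the rolePrefix constructor argument and the exact, case-sensitive match interact in isUserInRole(String), and what the three servlet API methods return once the context holds no Authentication. The class name RoleCheckDemo, the helper expect, the user "alice" and its authority are constructed for illustration, and MockHttpServletRequest assumes spring-test is on the classpath.

```java
import org.springframework.mock.web.MockHttpServletRequest; // assumption: spring-test is available
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

public class RoleCheckDemo {
    // Hypothetical helper: fail loudly on a mismatch (plain Java asserts are disabled by default).
    static void expect(String label, Object expected, Object actual) {
        if (!java.util.Objects.equals(expected, actual)) {
            throw new IllegalStateException(label + ": expected " + expected + ", got " + actual);
        }
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        // Constructed sample: user "alice" holding the single authority "ROLE_ADMIN".
        Authentication auth = UsernamePasswordAuthenticationToken.authenticated(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        MockHttpServletRequest request = new MockHttpServletRequest();
        SecurityContextHolderAwareRequestWrapper prefixed =
                new SecurityContextHolderAwareRequestWrapper(request, "ROLE_");
        SecurityContextHolderAwareRequestWrapper unprefixed =
                new SecurityContextHolderAwareRequestWrapper(request, null);
        try {
            expect("getRemoteUser()", "alice", prefixed.getRemoteUser());
            expect("getUserPrincipal() is the Authentication", true, prefixed.getUserPrincipal() == auth);
            // rolePrefix "ROLE_" is prepended, so "ADMIN" is compared as "ROLE_ADMIN".
            expect("prefixed.isUserInRole(\"ADMIN\")", true, prefixed.isUserInRole("ADMIN"));
            // Matching is exact and case sensitive: "ROLE_admin" is not "ROLE_ADMIN".
            expect("prefixed.isUserInRole(\"admin\")", false, prefixed.isUserInRole("admin"));
            // With a null prefix the caller must pass the full authority string.
            expect("unprefixed.isUserInRole(\"ADMIN\")", false, unprefixed.isUserInRole("ADMIN"));
            expect("unprefixed.isUserInRole(\"ROLE_ADMIN\")", true, unprefixed.isUserInRole("ROLE_ADMIN"));
        } finally {
            SecurityContextHolder.clearContext();
        }
        // No Authentication in the context: the servlet API methods report "no user".
        expect("getRemoteUser() after clearContext", null, prefixed.getRemoteUser());
        expect("isUserInRole(\"ADMIN\") after clearContext", false, prefixed.isUserInRole("ADMIN"));
    }
}
```

Because the comparison is an exact string match, a prefix that differs between the wrapper and the stored authorities makes every isUserInRole check return false rather than raising an error, so it is worth covering the configured prefix with a test like this one.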
-
toString
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since: 5.8
-