Class SecurityContextHolderAwareRequestWrapper

java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest

public class SecurityContextHolderAwareRequestWrapper extends jakarta.servlet.http.HttpServletRequestWrapper
A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods:
See Also:
  • Field Summary

    Fields inherited from interface jakarta.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix)
    Creates a new instance with AuthenticationTrustResolverImpl.
    SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix)
    Creates a new instance
  • Method Summary

    Modifier and Type
    Method
    Description
    Returns the principal's name, as obtained from the SecurityContextHolder.
    Returns the Authentication (which is a subclass of Principal), or null if unavailable.
    boolean
    Simple searches for an exactly matching GrantedAuthority.getAuthority().
    void
     

    Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, login, logout, newPushBuilder, upgrade

    Methods inherited from class jakarta.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface jakarta.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
  • Constructor Details

    • SecurityContextHolderAwareRequestWrapper

      public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix)
      Creates a new instance with AuthenticationTrustResolverImpl.
      Parameters:
      request -
      rolePrefix -
    • SecurityContextHolderAwareRequestWrapper

      public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix)
      Creates a new instance
      Parameters:
      request - the original HttpServletRequest
      trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
      rolePrefix - The prefix to be added to isUserInRole(String) or null if no prefix.
  • Method Details

    • getRemoteUser

      public String getRemoteUser()
      Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.
      Specified by:
      getRemoteUser in interface jakarta.servlet.http.HttpServletRequest
      Overrides:
      getRemoteUser in class jakarta.servlet.http.HttpServletRequestWrapper
      Returns:
      the username or null if unavailable
    • getUserPrincipal

      public Principal getUserPrincipal()
      Returns the Authentication (which is a subclass of Principal), or null if unavailable.
      Specified by:
      getUserPrincipal in interface jakarta.servlet.http.HttpServletRequest
      Overrides:
      getUserPrincipal in class jakarta.servlet.http.HttpServletRequestWrapper
      Returns:
      the Authentication, or null
    • isUserInRole

      public boolean isUserInRole(String role)
      Simple searches for an exactly matching GrantedAuthority.getAuthority().

      Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

      Specified by:
      isUserInRole in interface jakarta.servlet.http.HttpServletRequest
      Overrides:
      isUserInRole in class jakarta.servlet.http.HttpServletRequestWrapper
      Parameters:
      role - the GrantedAuthorityString representation to check for
      Returns:
      true if an exact (case sensitive) matching granted authority is located, false otherwise
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8