Class SecurityContextHolderFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.context.SecurityContextHolderFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class SecurityContextHolderFilter
extends org.springframework.web.filter.OncePerRequestFilter
A
Filter
that uses the SecurityContextRepository
to
obtain the SecurityContext
and set it on the SecurityContextHolder
.
This is similar to SecurityContextPersistenceFilter
except that the
SecurityContextRepository.saveContext(SecurityContext, HttpServletRequest, HttpServletResponse)
must be explicitly invoked to save the SecurityContext
. This improves the
efficiency and provides better flexibility by allowing different authentication
mechanisms to choose individually if authentication should be persisted.- Since:
- 5.7
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionSecurityContextHolderFilter
(SecurityContextRepository securityContextRepository) Creates a new instance. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setShouldNotFilterErrorDispatch
(boolean shouldNotFilterErrorDispatch) DisablesSecurityContextHolderFilter
for error dispatch.protected boolean
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
SecurityContextHolderFilter
Creates a new instance.- Parameters:
securityContextRepository
- the repository to use. Cannot be null.
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
shouldNotFilterErrorDispatch
protected boolean shouldNotFilterErrorDispatch()- Overrides:
shouldNotFilterErrorDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setShouldNotFilterErrorDispatch
public void setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch) DisablesSecurityContextHolderFilter
for error dispatch.- Parameters:
shouldNotFilterErrorDispatch
- if the Filter should be disabled for error dispatch. Default is false.
-