Class SecurityContextHolder
Associates a given SecurityContext with the current execution thread.
This class provides a series of static methods that delegate to an instance of SecurityContextHolderStrategy. The purpose of the class is to provide a convenient way to specify the strategy that should be used for a given JVM. This is a JVM-wide setting, since everything in this class is static to facilitate ease of use in calling code.
To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the three valid MODE_ settings defined as static final fields, or a fully qualified classname to a concrete implementation of SecurityContextHolderStrategy that provides a public no-argument constructor.
There are two ways to specify the desired strategy mode String. The first is to specify it via the system property keyed on SYSTEM_PROPERTY. The second is to call setStrategyName(String) before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL, which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL is definitely inappropriate for server use).
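Under the default MODE_THREADLOCAL the context stays bound to a thread until it is cleared, and server threads are pooled and reused. The following is an added example, not code from the Spring Security documentation: it shows a stale context surviving on a reused thread, then the try/finally clearContext() pattern that prevents it. The class name ThreadLocalContextDemo, its helper methods and the test principals are constructed for illustration, and spring-security-core is assumed to be on the classpath.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class ThreadLocalContextDemo {

    // Name of the principal bound to the calling thread, or "<none>".
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? "<none>" : auth.getName();
    }

    // Binds a constructed test principal to the calling thread.
    static void bind(String user) {
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(new TestingAuthenticationToken(user, "n/a"));
        SecurityContextHolder.setContext(ctx);
    }

    public static void main(String[] args) throws Exception {
        // One worker thread stands in for a pooled server thread reused across requests.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Callable<String> whoAmI = ThreadLocalContextDemo::currentUser;
        try {
            // Request 1 binds a principal and returns without clearing the thread.
            pool.submit(() -> bind("alice")).get();
            // Request 2 presents no credentials but runs on the same thread.
            System.out.println("without clearContext: " + pool.submit(whoAmI).get());

            // Hardened: clear in finally so the thread returns to the pool clean.
            pool.submit(() -> {
                try {
                    bind("bob");
                } finally {
                    SecurityContextHolder.clearContext();
                }
            }).get();
            System.out.println("with clearContext:    " + pool.submit(whoAmI).get());
        } finally {
            pool.shutdown();
        }
    }
}
```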
Method Summary
Modifier and Type, Method, Description:
- static void clearContext(): Explicitly clears the context value from the current thread.
- static SecurityContext createEmptyContext(): Delegates the creation of a new, empty context to the configured strategy.
- static SecurityContext getContext(): Obtain the current SecurityContext.
- static SecurityContextHolderStrategy getContextHolderStrategy(): Allows retrieval of the context strategy.
- static Supplier<SecurityContext> getDeferredContext(): Obtains a Supplier that returns the current context.
- static int getInitializeCount(): Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
- static void setContext(SecurityContext context): Associates a new SecurityContext with the current thread of execution.
- static void setContextHolderStrategy(SecurityContextHolderStrategy strategy): Use this SecurityContextHolderStrategy.
- static void setDeferredContext(Supplier<SecurityContext> deferredContext): Sets a Supplier that will return the current context.
- static void setStrategyName(String strategyName): Changes the preferred strategy.
- String toString()

Field Details
- MODE_THREADLOCAL
- MODE_INHERITABLETHREADLOCAL
- MODE_GLOBAL
- SYSTEM_PROPERTY

Constructor Details
SecurityContextHolder
public SecurityContextHolder()

Method Details

clearContext
public static void clearContext()
Explicitly clears the context value from the current thread.

getContext
Obtain the current SecurityContext.
- Returns: the security context (never null)

getDeferredContext
Obtains a Supplier that returns the current context.
- Returns: a Supplier that returns the current context (never null - create a default implementation if necessary)
- Since: 5.8

getInitializeCount
public static int getInitializeCount()
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
- Returns: the count (should be one unless you've called setStrategyName(String) or setContextHolderStrategy(SecurityContextHolderStrategy) to switch to an alternate strategy).

setContext
Associates a new SecurityContext with the current thread of execution.
- Parameters: context - the new SecurityContext (may not be null)

setDeferredContext
Sets a Supplier that will return the current context. Implementations can override the default to avoid invoking Supplier.get().
- Parameters: deferredContext - a Supplier that returns the SecurityContext
- Since: 5.8

setStrategyName
Changes the preferred strategy. Do NOT call this method more than once for a given JVM, as it will re-initialize the strategy and adversely affect any existing threads using the old strategy.
- Parameters: strategyName - the fully qualified class name of the strategy that should be used.

setContextHolderStrategy
Use this SecurityContextHolderStrategy. Call either setStrategyName(String) or this method, but not both. This method is not thread safe. Changing the strategy while requests are in-flight may cause race conditions.
SecurityContextHolder maintains a static reference to the provided SecurityContextHolderStrategy. This means that the strategy and its members will not be garbage collected until you remove your strategy. To ensure garbage collection, remember the original strategy like so:
    SecurityContextHolderStrategy original = SecurityContextHolder.getContextHolderStrategy();
    SecurityContextHolder.setContextHolderStrategy(myStrategy);
And then when you are ready for myStrategy to be garbage collected you can do:
    SecurityContextHolder.setContextHolderStrategy(original);
- Parameters: strategy - the SecurityContextHolderStrategy to use
- Since: 5.6

getContextHolderStrategy
Allows retrieval of the context strategy. See SEC-1188.
- Returns: the configured strategy for storing the security context.

createEmptyContext
Delegates the creation of a new, empty context to the configured strategy.

toString