Class SecurityContextHolderAwareRequestFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SecurityContextHolderAwareRequestFilter extends org.springframework.web.filter.GenericFilterBean
A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:

  • Constructor Details

    • SecurityContextHolderAwareRequestFilter

      public SecurityContextHolderAwareRequestFilter()
  • Method Details

    • setSecurityContextRepository

      public void setSecurityContextRepository(SecurityContextRepository securityContextRepository)
      Sets the SecurityContextRepository to use. The default is to use HttpSessionSecurityContextRepository.
      Parameters:
      securityContextRepository - the SecurityContextRepository to use.
      Since:
      6.0
    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8
    • setRolePrefix

      public void setRolePrefix(String rolePrefix)
    • setAuthenticationEntryPoint

      public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

      Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.

      If the value is null (default), then the default container behavior will be be retained when invoking HttpServletRequest.authenticate(HttpServletResponse) .

      Parameters:
      authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.
    • setAuthenticationManager

      public void setAuthenticationManager(AuthenticationManager authenticationManager)

      Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.

      If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).

      Parameters:
      authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)
    • setLogoutHandlers

      public void setLogoutHandlers(List<LogoutHandler> logoutHandlers)

      Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs. Specifically it will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.

      If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().

      Parameters:
      logoutHandlers - the List&lt;LogoutHandler&gt;s when invoking HttpServletRequest.logout().
    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException
    • afterPropertiesSet

      public void afterPropertiesSet() throws jakarta.servlet.ServletException
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Overrides:
      afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
      Throws:
      jakarta.servlet.ServletException
    • setTrustResolver

      public void setTrustResolver(AuthenticationTrustResolver trustResolver)
      Parameters:
      trustResolver - the AuthenticationTrustResolver to use. Cannot be null.