Class SecurityContextPersistenceFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.context.SecurityContextPersistenceFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

@Deprecated public class SecurityContextPersistenceFilter extends org.springframework.web.filter.GenericFilterBean
Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses an HttpSessionSecurityContextRepository. See this class for information HttpSession related configuration options.

This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.

This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder to contain a valid SecurityContext by the time they execute.

This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.

The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is false, as this is resource intensive and not recommended).

Since:
3.0
  • Constructor Details

    • SecurityContextPersistenceFilter

      public SecurityContextPersistenceFilter()
      Deprecated.
    • SecurityContextPersistenceFilter

      public SecurityContextPersistenceFilter(SecurityContextRepository repo)
      Deprecated.
  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Deprecated.
      Throws:
      IOException
      jakarta.servlet.ServletException
    • setForceEagerSessionCreation

      public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
      Deprecated.
    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Deprecated.
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8