Class SecurityContextPersistenceFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
SecurityContextHolder
with information obtained from the
configured SecurityContextRepository
prior to the request and stores it back in
the repository once the request has completed and clearing the context holder. By
default it uses an HttpSessionSecurityContextRepository
. See this class for
information HttpSession related configuration options.
This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms.
Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect
the SecurityContextHolder
to contain a valid SecurityContext
by the time they execute.
This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is
always available before the filter chain executes (the default is false
,
as this is resource intensive and not recommended).
- Since:
- 3.0
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionDeprecated.Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionvoid
doFilter
(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) Deprecated.void
setForceEagerSessionCreation
(boolean forceEagerSessionCreation) Deprecated.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Deprecated.Sets theSecurityContextHolderStrategy
to use.Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter()Deprecated. -
SecurityContextPersistenceFilter
Deprecated.
-
-
Method Details
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException Deprecated.- Throws:
IOException
jakarta.servlet.ServletException
-
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation) Deprecated. -
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Deprecated.Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
SecurityContextHolderFilter