Class SaveContextOnUpdateOrErrorResponseWrapper
java.lang.Object
jakarta.servlet.ServletResponseWrapper
jakarta.servlet.http.HttpServletResponseWrapper
org.springframework.security.web.util.OnCommittedResponseWrapper
org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
- All Implemented Interfaces:
jakarta.servlet.http.HttpServletResponse
,jakarta.servlet.ServletResponse
@Deprecated
public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends OnCommittedResponseWrapper
Deprecated.
Base class for response wrappers which encapsulate the logic for storing a security
context and which store the
SecurityContext
when a
sendError()
, sendRedirect
,
getOutputStream().close()
, getOutputStream().flush()
,
getWriter().close()
, or getWriter().flush()
happens on the
same thread that this SaveContextOnUpdateOrErrorResponseWrapper
was created.
See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context)
method.
Support is also provided for disabling URL rewriting
- Since:
- 3.0
-
Field Summary
Fields inherited from interface jakarta.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
-
Constructor Summary
ConstructorDescriptionSaveContextOnUpdateOrErrorResponseWrapper
(jakarta.servlet.http.HttpServletResponse response, boolean disableUrlRewriting) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionvoid
Deprecated.Invoke this method to disable automatic saving of theSecurityContext
when theHttpServletResponse
is committed.final String
encodeRedirectURL
(String url) Deprecated.final String
Deprecated.final boolean
Deprecated.Tells if the response wrapper has calledsaveContext()
because of this wrapper.protected void
Deprecated.CallssaveContext()
with the current contents of the SecurityContextHolder as long as()
was not invoked.protected abstract void
saveContext
(SecurityContext context) Deprecated.Implements the logic for storing the security context.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Deprecated.Sets theSecurityContextHolderStrategy
to use.Methods inherited from class org.springframework.security.web.util.OnCommittedResponseWrapper
addHeader, disableOnResponseCommitted, flushBuffer, getOutputStream, getWriter, isDisableOnResponseCommitted, sendError, sendError, sendRedirect, setContentLength, setContentLengthLong
Methods inherited from class jakarta.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, setDateHeader, setHeader, setIntHeader, setStatus, setTrailerFields
Methods inherited from class jakarta.servlet.ServletResponseWrapper
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale, setResponse
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface jakarta.servlet.ServletResponse
getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentType, setLocale
-
Constructor Details
-
SaveContextOnUpdateOrErrorResponseWrapper
public SaveContextOnUpdateOrErrorResponseWrapper(jakarta.servlet.http.HttpServletResponse response, boolean disableUrlRewriting) Deprecated.- Parameters:
response
- the response to be wrappeddisableUrlRewriting
- turns the URL encoding methods into null operations, preventing the use of URL rewriting to add the session identifier as a URL parameter.
-
-
Method Details
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Deprecated.Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
disableSaveOnResponseCommitted
public void disableSaveOnResponseCommitted()Deprecated.Invoke this method to disable automatic saving of theSecurityContext
when theHttpServletResponse
is committed. This can be useful in the event that Async Web Requests are made which may no longer contain theSecurityContext
on it. -
saveContext
Deprecated.Implements the logic for storing the security context.- Parameters:
context
- the SecurityContext instance to store
-
onResponseCommitted
protected void onResponseCommitted()Deprecated.CallssaveContext()
with the current contents of the SecurityContextHolder as long as()
was not invoked.- Specified by:
onResponseCommitted
in classOnCommittedResponseWrapper
-
encodeRedirectURL
Deprecated.- Specified by:
encodeRedirectURL
in interfacejakarta.servlet.http.HttpServletResponse
- Overrides:
encodeRedirectURL
in classjakarta.servlet.http.HttpServletResponseWrapper
-
encodeURL
Deprecated.- Specified by:
encodeURL
in interfacejakarta.servlet.http.HttpServletResponse
- Overrides:
encodeURL
in classjakarta.servlet.http.HttpServletResponseWrapper
-
isContextSaved
public final boolean isContextSaved()Deprecated.Tells if the response wrapper has calledsaveContext()
because of this wrapper.
-
SecurityContextRepository.loadDeferredContext(HttpServletRequest)
instead.