Package org.springframework.security.web.method.annotation

Class AuthenticationPrincipalArgumentResolver

java.lang.Object

org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

All Implemented Interfaces:

org.springframework.web.method.support.HandlerMethodArgumentResolver

public final class AuthenticationPrincipalArgumentResolver
extends Object
implements org.springframework.web.method.support.HandlerMethodArgumentResolver

Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation. For example, the following Controller:

 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@AuthenticationPrincipal CustomUser customUser) {
         // do something with CustomUser
     }
 }
 

Will resolve the CustomUser argument using Authentication.getPrincipal() from the SecurityContextHolder. If the Authentication or Authentication.getPrincipal() is null, it will return null. If the types do not match, null will be returned unless AuthenticationPrincipal.errorOnInvalidType() is true in which case a ClassCastException will be thrown.

Alternatively, users can create a custom meta annotation as shown below:

 @Target({ ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)
 @AuthenticationPrincipal
 public @interface CurrentUser {
 }
 

The custom annotation can then be used instead. For example:

 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@CurrentUser CustomUser customUser) {
         // do something with CustomUser
     }
 }
 

Since:

4.0

Constructor Summary

Constructors

Constructor	Description
AuthenticationPrincipalArgumentResolver()

Method Summary

Modifier and Type	Method	Description
Object	resolveArgument(org.springframework.core.MethodParameter parameter, org.springframework.web.method.support.ModelAndViewContainer mavContainer, org.springframework.web.context.request.NativeWebRequest webRequest, org.springframework.web.bind.support.WebDataBinderFactory binderFactory)
void	setBeanResolver(org.springframework.expression.BeanResolver beanResolver)	Sets the BeanResolver to be used on the expressions
void	setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)	Sets the SecurityContextHolderStrategy to use.
boolean	supportsParameter(org.springframework.core.MethodParameter parameter)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthenticationPrincipalArgumentResolver

public AuthenticationPrincipalArgumentResolver()

Method Details

supportsParameter

public boolean supportsParameter(org.springframework.core.MethodParameter parameter)

Specified by:

supportsParameter in interface org.springframework.web.method.support.HandlerMethodArgumentResolver

resolveArgument

public Object resolveArgument(org.springframework.core.MethodParameter parameter,
 org.springframework.web.method.support.ModelAndViewContainer mavContainer,
 org.springframework.web.context.request.NativeWebRequest webRequest,
 org.springframework.web.bind.support.WebDataBinderFactory binderFactory)

Specified by:

resolveArgument in interface org.springframework.web.method.support.HandlerMethodArgumentResolver

setBeanResolver

public void setBeanResolver(org.springframework.expression.BeanResolver beanResolver)

Sets the BeanResolver to be used on the expressions

Parameters:

beanResolver - the BeanResolver to use

setSecurityContextHolderStrategy

public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)

Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.

Since:

5.8