Class SecurityContextHolderAwareRequestWrapper
java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest,jakarta.servlet.ServletRequest
public class SecurityContextHolderAwareRequestWrapper
extends jakarta.servlet.http.HttpServletRequestWrapper
A Spring Security-aware
HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement
the servlet API security methods:
getUserPrincipal()isUserInRole(String)HttpServletRequestWrapper.getRemoteUser().
- See Also:
-
Field Summary
Fields inherited from interface jakarta.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH -
Constructor Summary
ConstructorsConstructorDescriptionSecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix) Creates a new instance withAuthenticationTrustResolverImpl.SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionReturns the principal's name, as obtained from theSecurityContextHolder.Returns theAuthentication(which is a subclass ofPrincipal), ornullif unavailable.booleanisUserInRole(String role) Simple searches for an exactly matchingGrantedAuthority.getAuthority().voidsetSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use.toString()Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, login, logout, newPushBuilder, upgradeMethods inherited from class jakarta.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsyncMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface jakarta.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
-
Constructor Details
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String rolePrefix) Creates a new instance withAuthenticationTrustResolverImpl.- Parameters:
request-rolePrefix-
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(jakarta.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix) Creates a new instance- Parameters:
request- the originalHttpServletRequesttrustResolver- theAuthenticationTrustResolverto use. Cannot be null.rolePrefix- The prefix to be added toisUserInRole(String)or null if no prefix.
-
-
Method Details
-
getRemoteUser
Returns the principal's name, as obtained from theSecurityContextHolder. Properly handles bothString-based andUserDetails-based principals.- Specified by:
getRemoteUserin interfacejakarta.servlet.http.HttpServletRequest- Overrides:
getRemoteUserin classjakarta.servlet.http.HttpServletRequestWrapper- Returns:
- the username or
nullif unavailable
-
getUserPrincipal
Returns theAuthentication(which is a subclass ofPrincipal), ornullif unavailable.- Specified by:
getUserPrincipalin interfacejakarta.servlet.http.HttpServletRequest- Overrides:
getUserPrincipalin classjakarta.servlet.http.HttpServletRequestWrapper- Returns:
- the
Authentication, ornull
-
isUserInRole
Simple searches for an exactly matchingGrantedAuthority.getAuthority().Will always return
falseif theSecurityContextHoldercontains anAuthenticationwithnullprincipaland/orGrantedAuthority[]objects.- Specified by:
isUserInRolein interfacejakarta.servlet.http.HttpServletRequest- Overrides:
isUserInRolein classjakarta.servlet.http.HttpServletRequestWrapper- Parameters:
role- theGrantedAuthorityStringrepresentation to check for- Returns:
trueif an exact (case sensitive) matching granted authority is located,falseotherwise
-
toString
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use. The default action is to use theSecurityContextHolderStrategystored inSecurityContextHolder.- Since:
- 5.8
-