Package org.springframework.security.messaging.context

Class AuthenticationPrincipalArgumentResolver

java.lang.Object

org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

All Implemented Interfaces:

org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver

public final class AuthenticationPrincipalArgumentResolver
extends Object
implements org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver

Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation. For example, the following Controller:

 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@AuthenticationPrincipal CustomUser customUser) {
         // do something with CustomUser
     }
 }
 

Will resolve the CustomUser argument using Authentication.getPrincipal() from the SecurityContextHolder. If the Authentication or Authentication.getPrincipal() is null, it will return null. If the types do not match, null will be returned unless AuthenticationPrincipal.errorOnInvalidType() is true in which case a ClassCastException will be thrown.

Alternatively, users can create a custom meta annotation as shown below:

 @Target({ ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)
 @AuthenticationPrincipal
 public @interface CurrentUser {
 }
 

The custom annotation can then be used instead. For example:

 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@CurrentUser CustomUser customUser) {
         // do something with CustomUser
     }
 }
 

Since:

4.0

Constructor Summary

Constructors

Constructor	Description
AuthenticationPrincipalArgumentResolver()

Method Summary

Modifier and Type	Method	Description
Object	resolveArgument(org.springframework.core.MethodParameter parameter, org.springframework.messaging.Message<?> message)
void	setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)	Sets the SecurityContextHolderStrategy to use.
void	setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults)	Configure AuthenticationPrincipal template resolution
boolean	supportsParameter(org.springframework.core.MethodParameter parameter)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthenticationPrincipalArgumentResolver

public AuthenticationPrincipalArgumentResolver()

Method Details

supportsParameter

public boolean supportsParameter(org.springframework.core.MethodParameter parameter)

Specified by:

supportsParameter in interface org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver

resolveArgument

public Object resolveArgument(org.springframework.core.MethodParameter parameter,
 org.springframework.messaging.Message<?> message)

Specified by:

resolveArgument in interface org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver

setSecurityContextHolderStrategy

public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)

Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.

Since:

5.8

setTemplateDefaults

public void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults)

Configure AuthenticationPrincipal template resolution

By default, this value is null, which indicates that templates should not be resolved.

Parameters:

templateDefaults - - whether to resolve AuthenticationPrincipal templates parameters

Since:

6.4