Package org.springframework.security.messaging.context

Class SecurityContextPropagationChannelInterceptor

java.lang.Object
org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
All Implemented Interfaces:
org.springframework.messaging.support.ChannelInterceptor, org.springframework.messaging.support.ExecutorChannelInterceptor
public final class SecurityContextPropagationChannelInterceptor extends Object implements org.springframework.messaging.support.ExecutorChannelInterceptor
An ExecutorChannelInterceptor that takes an Authentication from the current SecurityContext (if any) in the preSend(Message, MessageChannel) callback and stores it into an authenticationHeaderName message header. Then sets the context from this header in the beforeHandle(Message, MessageChannel, MessageHandler) and postReceive(Message, MessageChannel) both of which typically happen on a different thread.

Note: cannot be used in combination with a SecurityContextChannelInterceptor on the same channel since both these interceptors modify a security context on a handling and receiving operations.

Since:
6.2
See Also:

  • Constructor Details

    • SecurityContextPropagationChannelInterceptor

      public SecurityContextPropagationChannelInterceptor()
      Create a new instance using the header of the name SimpMessageHeaderAccessor.USER_HEADER.

    • SecurityContextPropagationChannelInterceptor

      public SecurityContextPropagationChannelInterceptor(String authenticationHeaderName)
      Create a new instance that uses the specified header to populate the Authentication.
      Parameters:
      authenticationHeaderName - the header name to populate the Authentication. Cannot be null.

  • Method Details

    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy strategy)

    • setAnonymousAuthentication

      public void setAnonymousAuthentication(Authentication authentication)
      Configure an Authentication used for anonymous authentication. Default is: 
       new AnonymousAuthenticationToken("key", "anonymous",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
      Parameters:
      authentication - the Authentication used for anonymous authentication. Cannot be null.

    • preSend

      public org.springframework.messaging.Message<?> preSend(org.springframework.messaging.Message<?> message, org.springframework.messaging.MessageChannel channel)
      Specified by:
      preSend in interface org.springframework.messaging.support.ChannelInterceptor

    • beforeHandle

      public org.springframework.messaging.Message<?> beforeHandle(org.springframework.messaging.Message<?> message, org.springframework.messaging.MessageChannel channel, org.springframework.messaging.MessageHandler handler)
      Specified by:
      beforeHandle in interface org.springframework.messaging.support.ExecutorChannelInterceptor

    • postReceive

      public org.springframework.messaging.Message<?> postReceive(org.springframework.messaging.Message<?> message, org.springframework.messaging.MessageChannel channel)
      Specified by:
      postReceive in interface org.springframework.messaging.support.ChannelInterceptor

    • afterMessageHandled

      public void afterMessageHandled(org.springframework.messaging.Message<?> message, org.springframework.messaging.MessageChannel channel, org.springframework.messaging.MessageHandler handler, Exception ex)
      Specified by:
      afterMessageHandled in interface org.springframework.messaging.support.ExecutorChannelInterceptor