Class SecurityContextHolderAwareRequestFilter

All Implemented Interfaces: jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:
- HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are authenticated and if not send the user to the login page. See setAuthenticationEntryPoint(AuthenticationEntryPoint).
- HttpServletRequest.login(String, String) - Allows the user to authenticate using the AuthenticationManager. See setAuthenticationManager(AuthenticationManager).
- HttpServletRequest.logout() - Allows the user to logout using the LogoutHandlers configured in Spring Security. See setLogoutHandlers(List).
- AsyncContext.start(Runnable) - Automatically copy the SecurityContext from the SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread that processes the Runnable.
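
An added example (not part of the Spring Security documentation) of application code calling the three Servlet API security methods listed above once this filter has wrapped the request. The controller class name and URL paths are assumptions, and it assumes an AuthenticationManager, an AuthenticationEntryPoint and LogoutHandlers have been set on the filter.

```java
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller: the class name and URL paths are assumptions.
@RestController
public class ServletApiSecurityController {

    // login() authenticates through the AuthenticationManager set on the filter.
    @PostMapping("/api/login")
    public ResponseEntity<Void> login(HttpServletRequest request,
            @RequestParam String username, @RequestParam String password) {
        try {
            request.login(username, password);
        } catch (ServletException ex) {
            // Raised for rejected credentials and when the request is already
            // authenticated. Answer identically so the cause is not disclosed.
            return ResponseEntity.status(401).build();
        }
        return ResponseEntity.noContent().build();
    }

    // authenticate() returns false once the AuthenticationEntryPoint has taken
    // over the response, so the handler must stop without writing anything.
    @GetMapping("/api/account")
    public void account(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        if (!request.authenticate(response)) {
            return;
        }
        response.setContentType("text/plain");
        response.getWriter().write("authenticated");
    }

    // logout() runs the configured LogoutHandlers; they are expected not to
    // commit the response, so the status is chosen here.
    @PostMapping("/api/logout")
    public ResponseEntity<Void> logout(HttpServletRequest request) throws ServletException {
        request.logout();
        return ResponseEntity.noContent().build();
    }
}
```

If any of the three collaborators is left null on the filter, the corresponding call falls back to the default container behavior described in the method details.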

Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean: logger

Constructor Summary

Method Summary
Modifier and Type, Method, Description:
- void afterPropertiesSet()
- void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain)
- void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint): Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.
- void setAuthenticationManager(AuthenticationManager authenticationManager): Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.
- void setLogoutHandlers(List<LogoutHandler> logoutHandlers): Sets the LogoutHandlers used when integrating HttpServletRequest with Servlet 3 APIs.
- void setRolePrefix(String rolePrefix)
- void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy): Sets the SecurityContextHolderStrategy to use.
- void setSecurityContextRepository(SecurityContextRepository securityContextRepository): Sets the SecurityContextRepository to use.
- void setTrustResolver(AuthenticationTrustResolver trustResolver): Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.web.filter.GenericFilterBean: addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Constructor Details

SecurityContextHolderAwareRequestFilter
public SecurityContextHolderAwareRequestFilter()

Method Details

setSecurityContextRepository
Sets the SecurityContextRepository to use. The default is to use HttpSessionSecurityContextRepository.
Parameters: securityContextRepository - the SecurityContextRepository to use.
Since: 6.0

setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
Since: 5.8

setRolePrefix

setAuthenticationEntryPoint
Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.
If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.authenticate(HttpServletResponse).
Parameters: authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.

setAuthenticationManager
Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.
If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).
Parameters: authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)

setLogoutHandlers
Sets the LogoutHandlers used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, they will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.
If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().
Parameters: logoutHandlers - the List<LogoutHandler> to use when invoking HttpServletRequest.logout().

doFilter
public void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
Throws: IOException, jakarta.servlet.ServletException

afterPropertiesSet
public void afterPropertiesSet() throws jakarta.servlet.ServletException
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Overrides: afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
Throws: jakarta.servlet.ServletException

setTrustResolver
Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
Parameters: trustResolver - the AuthenticationTrustResolver to use. Cannot be null.