Class SecurityContextHolderAwareRequestWrapper
java.lang.Object
javax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- All Implemented Interfaces:
javax.servlet.http.HttpServletRequest,javax.servlet.ServletRequest
public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper
A Spring Security-aware
HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement
the servlet API security methods:
getUserPrincipal()isUserInRole(String)HttpServletRequestWrapper.getRemoteUser().
- See Also:
-
Field Summary
Fields inherited from interface javax.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH -
Constructor Summary
ConstructorsConstructorDescriptionSecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix) Creates a new instance withAuthenticationTrustResolverImpl.SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionReturns the principal's name, as obtained from theSecurityContextHolder.Returns theAuthentication(which is a subclass ofPrincipal), ornullif unavailable.booleanisUserInRole(String role) Simple searches for an exactly matchingGrantedAuthority.getAuthority().voidsetSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use.toString()Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, login, logout, newPushBuilder, upgradeMethods inherited from class javax.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsyncMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface javax.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
-
Constructor Details
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, String rolePrefix) Creates a new instance withAuthenticationTrustResolverImpl.- Parameters:
request-rolePrefix-
-
SecurityContextHolderAwareRequestWrapper
public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, AuthenticationTrustResolver trustResolver, String rolePrefix) Creates a new instance- Parameters:
request- the originalHttpServletRequesttrustResolver- theAuthenticationTrustResolverto use. Cannot be null.rolePrefix- The prefix to be added toisUserInRole(String)or null if no prefix.
-
-
Method Details
-
getRemoteUser
Returns the principal's name, as obtained from theSecurityContextHolder. Properly handles bothString-based andUserDetails-based principals.- Specified by:
getRemoteUserin interfacejavax.servlet.http.HttpServletRequest- Overrides:
getRemoteUserin classjavax.servlet.http.HttpServletRequestWrapper- Returns:
- the username or
nullif unavailable
-
getUserPrincipal
Returns theAuthentication(which is a subclass ofPrincipal), ornullif unavailable.- Specified by:
getUserPrincipalin interfacejavax.servlet.http.HttpServletRequest- Overrides:
getUserPrincipalin classjavax.servlet.http.HttpServletRequestWrapper- Returns:
- the
Authentication, ornull
-
isUserInRole
Simple searches for an exactly matchingGrantedAuthority.getAuthority().Will always return
falseif theSecurityContextHoldercontains anAuthenticationwithnullprincipaland/orGrantedAuthority[]objects.- Specified by:
isUserInRolein interfacejavax.servlet.http.HttpServletRequest- Overrides:
isUserInRolein classjavax.servlet.http.HttpServletRequestWrapper- Parameters:
role- theGrantedAuthorityStringrepresentation to check for- Returns:
trueif an exact (case sensitive) matching granted authority is located,falseotherwise
-
toString
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use. The default action is to use theSecurityContextHolderStrategystored inSecurityContextHolder.- Since:
- 5.8
-