public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean
Filter which populates the ServletRequest with a request wrapper
which implements the servlet API security methods.
In pre servlet 3 environment the wrapper class used is SecurityContextHolderAwareRequestWrapper. See its javadoc for the methods that are implemented.
In a servlet 3 environment SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:
HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are
authenticated and if not send the user to the login page. See
setAuthenticationEntryPoint(AuthenticationEntryPoint).HttpServletRequest.login(String, String) - Allows the user to authenticate using the
AuthenticationManager. See setAuthenticationManager(AuthenticationManager).HttpServletRequest.logout() - Allows the user to logout using the LogoutHandlers configured in
Spring Security. See setLogoutHandlers(List).AsyncContext.start(Runnable) - Automatically copy the SecurityContext from the
SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread
that processes the Runnable.logger| Constructor and Description |
|---|
SecurityContextHolderAwareRequestFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets the
AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. |
void |
setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the
AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. |
void |
setLogoutHandlers(List<LogoutHandler> logoutHandlers)
Sets the
LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs. |
void |
setRolePrefix(String rolePrefix) |
void |
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the
AuthenticationTrustResolver to be used. |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic SecurityContextHolderAwareRequestFilter()
public void setRolePrefix(String rolePrefix)
public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)
Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.
Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the
user is not authenticated.
If the value is null (default), then the default container behavior will be be retained when invoking
HttpServletRequest.authenticate(HttpServletResponse).
authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking
HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.IllegalStateException - if the Servlet 3 APIs are not found on the classpathpublic void setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.
Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if
the user is authenticated.
If the value is null (default), then the default container behavior will be retained when invoking
HttpServletRequest.login(String, String).
authenticationManager - the AuthenticationManager to use when invoking
HttpServletRequest.login(String, String)IllegalStateException - if the Servlet 3 APIs are not found on the classpathpublic void setLogoutHandlers(List<LogoutHandler> logoutHandlers)
Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.
Specifically it will be used when HttpServletRequest.logout() is invoked in order to log the user out. So
long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in
charge of handling the response.
If the value is null (default), the default container behavior will be retained when invoking
HttpServletRequest.logout().
logoutHandlers - the Lists when invoking HttpServletRequest.logout().IllegalStateException - if the Servlet 3 APIs are not found on the classpathpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionpublic void afterPropertiesSet()
throws javax.servlet.ServletException
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBeanjavax.servlet.ServletExceptionpublic void setTrustResolver(AuthenticationTrustResolver trustResolver)
AuthenticationTrustResolver to be used. The default is
AuthenticationTrustResolverImpl.trustResolver - the AuthenticationTrustResolver to use. Cannot be
null.