public class SecurityContextHolder extends Object
SecurityContext with the current execution thread.
This class provides a series of static methods that delegate to an instance of
SecurityContextHolderStrategy. The purpose of the class is to provide a
convenient way to specify the strategy that should be used for a given JVM.
This is a JVM-wide setting, since everything in this class is static to facilitate ease of use in
calling code.
To specify which strategy should be used, you must provide a mode setting. A mode setting is one of the
three valid MODE_ settings defined as static final fields, or a fully qualified classname
to a concrete implementation of SecurityContextHolderStrategy that
provides a public no-argument constructor.
There are two ways to specify the desired strategy mode String. The first is to specify it via
the system property keyed on SYSTEM_PROPERTY. The second is to call setStrategyName(String)
before using the class. If neither approach is used, the class will default to using MODE_THREADLOCAL,
which is backwards compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas MODE_GLOBAL is definitely inappropriate for server use).
| Modifier and Type | Field and Description |
|---|---|
static String |
MODE_GLOBAL |
static String |
MODE_INHERITABLETHREADLOCAL |
static String |
MODE_THREADLOCAL |
static String |
SYSTEM_PROPERTY |
| Constructor and Description |
|---|
SecurityContextHolder() |
| Modifier and Type | Method and Description |
|---|---|
static void |
clearContext()
Explicitly clears the context value from the current thread.
|
static SecurityContext |
createEmptyContext()
Delegates the creation of a new, empty context to the configured strategy.
|
static SecurityContext |
getContext()
Obtain the current
SecurityContext. |
static SecurityContextHolderStrategy |
getContextHolderStrategy()
Allows retrieval of the context strategy.
|
static int |
getInitializeCount()
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its
SecurityContextHolderStrategy. |
static void |
setContext(SecurityContext context)
Associates a new
SecurityContext with the current thread of execution. |
static void |
setStrategyName(String strategyName)
Changes the preferred strategy.
|
String |
toString() |
public static final String MODE_THREADLOCAL
public static final String MODE_INHERITABLETHREADLOCAL
public static final String MODE_GLOBAL
public static final String SYSTEM_PROPERTY
public static void clearContext()
public static SecurityContext getContext()
SecurityContext.null)public static int getInitializeCount()
SecurityContextHolderStrategy.setStrategyName(String) to switch to an alternate
strategy.public static void setContext(SecurityContext context)
SecurityContext with the current thread of execution.context - the new SecurityContext (may not be null)public static void setStrategyName(String strategyName)
strategyName - the fully qualified class name of the strategy that should be used.public static SecurityContextHolderStrategy getContextHolderStrategy()
public static SecurityContext createEmptyContext()