public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean

Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

In a pre-Servlet 3 environment the wrapper class used is SecurityContextHolderAwareRequestWrapper. See its javadoc for the methods that are implemented.

In a Servlet 3 environment SecurityContextHolderAwareRequestWrapper is extended to provide the following additional methods:
- HttpServletRequest.authenticate(HttpServletResponse) - Allows the user to determine if they are authenticated and, if not, send the user to the login page. See setAuthenticationEntryPoint(AuthenticationEntryPoint).
- HttpServletRequest.login(String, String) - Allows the user to authenticate using the AuthenticationManager. See setAuthenticationManager(AuthenticationManager).
- HttpServletRequest.logout() - Allows the user to log out using the LogoutHandlers configured in Spring Security. See setLogoutHandlers(List).
- AsyncContext.start(Runnable) - Automatically copies the SecurityContext from the SecurityContextHolder found on the Thread that invoked AsyncContext.start(Runnable) to the Thread that processes the Runnable.

Fields inherited from class GenericFilterBean: logger

| Constructor and Description |
|---|
| SecurityContextHolderAwareRequestFilter() |

| Modifier and Type | Method and Description |
|---|---|
| void | afterPropertiesSet() |
| void | doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) |
| void | setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. |
| void | setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager) Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. |
| void | setLogoutHandlers(List<LogoutHandler> logoutHandlers) Sets the LogoutHandlers used when integrating HttpServletRequest with Servlet 3 APIs. |
| void | setRolePrefix(String rolePrefix) |
| void | setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) Sets the AuthenticationTrustResolver to be used. |

Methods inherited from class GenericFilterBean: addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

public SecurityContextHolderAwareRequestFilter()

public void setRolePrefix(String rolePrefix)

public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.authenticate(HttpServletResponse) is called and the user is not authenticated.

If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.authenticate(HttpServletResponse).

Parameters: authenticationEntryPoint - the AuthenticationEntryPoint to use when invoking HttpServletRequest.authenticate(HttpServletResponse) if the user is not authenticated.

Throws: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

public void setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager)

Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, it will be used when HttpServletRequest.login(String, String) is invoked to determine if the user is authenticated.

If the value is null (default), then the default container behavior will be retained when invoking HttpServletRequest.login(String, String).

Parameters: authenticationManager - the AuthenticationManager to use when invoking HttpServletRequest.login(String, String)

Throws: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

public void setLogoutHandlers(List<LogoutHandler> logoutHandlers)

Sets the LogoutHandlers used when integrating HttpServletRequest with Servlet 3 APIs. Specifically, they will be used when HttpServletRequest.logout() is invoked in order to log the user out. So long as the LogoutHandlers do not commit the HttpServletResponse (expected), then the user is in charge of handling the response.

If the value is null (default), the default container behavior will be retained when invoking HttpServletRequest.logout().

Parameters: logoutHandlers - the List<LogoutHandler> to use when invoking HttpServletRequest.logout().

Throws: IllegalStateException - if the Servlet 3 APIs are not found on the classpath

public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException

Throws: IOException, javax.servlet.ServletException

public void afterPropertiesSet() throws javax.servlet.ServletException

Specified by: afterPropertiesSet in interface InitializingBean

Overrides: afterPropertiesSet in class GenericFilterBean

Throws: javax.servlet.ServletException

public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters: trustResolver - the AuthenticationTrustResolver to use. Cannot be null.
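
An added example (not part of the Spring Security Javadoc) showing the three setters wired explicitly, so that none of the Servlet 3 calls falls back to the container's default behavior, together with application code that calls authenticate, login and logout. The AccountServlet class, the "/login" URL and the request parameter names are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;

// Hypothetical servlet; the "/login" URL and the request parameter names are assumptions.
public class AccountServlet extends HttpServlet {
    // Wire all three collaborators so no Servlet 3 call is left on the null default.
    static SecurityContextHolderAwareRequestFilter requestFilter(AuthenticationManager manager)
            throws ServletException {
        SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
        filter.setAuthenticationManager(manager); // used by request.login(..)
        filter.setAuthenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")); // authenticate(..)
        filter.setLogoutHandlers(Arrays.<LogoutHandler>asList(new SecurityContextLogoutHandler())); // logout()
        filter.afterPropertiesSet(); // called by Spring when the filter is declared as a bean
        return filter;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!request.authenticate(response)) {
            return; // not authenticated: the entry point has already handled the response
        }
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if ("logout".equals(request.getParameter("action"))) {
            request.logout(); // handlers run; writing the response is left to this code
            response.sendRedirect(request.getContextPath() + "/");
            return;
        }
        try {
            request.login(request.getParameter("username"), request.getParameter("password"));
        } catch (ServletException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // generic failure, no cause echoed
            return;
        }
        response.sendRedirect(request.getContextPath() + "/");
    }
}
```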