public class SecurityContextHolder extends Object
SecurityContext with the current execution thread.
This class provides a series of static methods that delegate to an instance of
SecurityContextHolderStrategy. The
purpose of the class is to provide a convenient way to specify the strategy that should
be used for a given JVM. This is a JVM-wide setting, since everything in this class is
static to facilitate ease of use in calling code.
To specify which strategy should be used, you must provide a mode setting. A mode
setting is one of the three valid MODE_ settings defined as
static final fields, or a fully qualified classname to a concrete
implementation of
SecurityContextHolderStrategy that
provides a public no-argument constructor.
There are two ways to specify the desired strategy mode String. The first
is to specify it via the system property keyed on SYSTEM_PROPERTY. The second
is to call setStrategyName(String) before using the class. If neither approach
is used, the class will default to using MODE_THREADLOCAL, which is backwards
compatible, has fewer JVM incompatibilities and is appropriate on servers (whereas
MODE_GLOBAL is definitely inappropriate for server use).
| Modifier and Type | Field and Description |
|---|---|
static String |
MODE_GLOBAL |
static String |
MODE_INHERITABLETHREADLOCAL |
static String |
MODE_THREADLOCAL |
static String |
SYSTEM_PROPERTY |
| Constructor and Description |
|---|
SecurityContextHolder() |
| Modifier and Type | Method and Description |
|---|---|
static void |
clearContext()
Explicitly clears the context value from the current thread.
|
static SecurityContext |
createEmptyContext()
Delegates the creation of a new, empty context to the configured strategy.
|
static SecurityContext |
getContext()
Obtain the current
SecurityContext. |
static SecurityContextHolderStrategy |
getContextHolderStrategy()
Allows retrieval of the context strategy.
|
static int |
getInitializeCount()
Primarily for troubleshooting purposes, this method shows how many times the class
has re-initialized its
SecurityContextHolderStrategy. |
static void |
setContext(SecurityContext context)
Associates a new
SecurityContext with the current thread of execution. |
static void |
setStrategyName(String strategyName)
Changes the preferred strategy.
|
String |
toString() |
public static final String MODE_THREADLOCAL
public static final String MODE_INHERITABLETHREADLOCAL
public static final String MODE_GLOBAL
public static final String SYSTEM_PROPERTY
public static void clearContext()
public static SecurityContext getContext()
SecurityContext.null)public static int getInitializeCount()
SecurityContextHolderStrategy.setStrategyName(String) to switch to an alternate strategy.public static void setContext(SecurityContext context)
SecurityContext with the current thread of execution.context - the new SecurityContext (may not be null)public static void setStrategyName(String strategyName)
strategyName - the fully qualified class name of the strategy that should be
used.public static SecurityContextHolderStrategy getContextHolderStrategy()
public static SecurityContext createEmptyContext()