|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectjavax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
public class SecurityContextHolderAwareRequestWrapper
A Spring Security-aware HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement the servlet API security
methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().
SecurityContextHolderAwareRequestFilter| Field Summary |
|---|
| Fields inherited from interface javax.servlet.http.HttpServletRequest |
|---|
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH |
| Constructor Summary | |
|---|---|
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
String rolePrefix)
|
|
| Method Summary | |
|---|---|
String |
getRemoteUser()
Returns the principal's name, as obtained from the SecurityContextHolder. |
Principal |
getUserPrincipal()
Returns the Authentication (which is a subclass of Principal), or
null if unavailable. |
boolean |
isUserInRole(String role)
Simple searches for an exactly matching GrantedAuthority.getAuthority(). |
String |
toString()
|
| Methods inherited from class javax.servlet.http.HttpServletRequestWrapper |
|---|
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid |
| Methods inherited from class javax.servlet.ServletRequestWrapper |
|---|
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
| Methods inherited from interface javax.servlet.ServletRequest |
|---|
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding |
| Constructor Detail |
|---|
public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
String rolePrefix)
| Method Detail |
|---|
public String getRemoteUser()
SecurityContextHolder. Properly handles
both String-based and UserDetails-based principals.
getRemoteUser in interface javax.servlet.http.HttpServletRequestgetRemoteUser in class javax.servlet.http.HttpServletRequestWrappernull if unavailablepublic Principal getUserPrincipal()
Authentication (which is a subclass of Principal), or
null if unavailable.
getUserPrincipal in interface javax.servlet.http.HttpServletRequestgetUserPrincipal in class javax.servlet.http.HttpServletRequestWrapperAuthentication, or nullpublic boolean isUserInRole(String role)
GrantedAuthority.getAuthority().
Will always return false if the SecurityContextHolder contains an
Authentication with nullprincipal and/or GrantedAuthority[]
objects.
isUserInRole in interface javax.servlet.http.HttpServletRequestisUserInRole in class javax.servlet.http.HttpServletRequestWrapperrole - the GrantedAuthorityString representation to check for
true if an exact (case sensitive) matching granted authority is located,
false otherwisepublic String toString()
toString in class Object
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||