public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper
HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement the servlet API security
methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().| Constructor and Description |
|---|
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
String rolePrefix) |
| Modifier and Type | Method and Description |
|---|---|
String |
getRemoteUser()
Returns the principal's name, as obtained from the
SecurityContextHolder. |
Principal |
getUserPrincipal()
Returns the
Authentication (which is a subclass of Principal), or
null if unavailable. |
boolean |
isUserInRole(String role)
Simple searches for an exactly matching
GrantedAuthority.getAuthority(). |
String |
toString() |
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValidgetAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequestclone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitgetAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncodingpublic SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
String rolePrefix)
public String getRemoteUser()
SecurityContextHolder. Properly handles
both String-based and UserDetails-based principals.getRemoteUser in interface javax.servlet.http.HttpServletRequestgetRemoteUser in class javax.servlet.http.HttpServletRequestWrappernull if unavailablepublic Principal getUserPrincipal()
Authentication (which is a subclass of Principal), or
null if unavailable.getUserPrincipal in interface javax.servlet.http.HttpServletRequestgetUserPrincipal in class javax.servlet.http.HttpServletRequestWrapperAuthentication, or nullpublic boolean isUserInRole(String role)
GrantedAuthority.getAuthority().
Will always return false if the SecurityContextHolder contains an
Authentication with nullprincipal and/or GrantedAuthority[]
objects.
isUserInRole in interface javax.servlet.http.HttpServletRequestisUserInRole in class javax.servlet.http.HttpServletRequestWrapperrole - the GrantedAuthorityString representation to check fortrue if an exact (case sensitive) matching granted authority is located,
false otherwise