Module de.codecamp.vaadin.security.spring

Package de.codecamp.vaadin.security.spring.authentication

Class VaadinSecurityContextHolderStrategy

java.lang.Object

de.codecamp.vaadin.security.spring.authentication.VaadinSecurityContextHolderStrategy

All Implemented Interfaces:

org.springframework.security.core.context.SecurityContextHolderStrategy

public class VaadinSecurityContextHolderStrategy
extends Object
implements org.springframework.security.core.context.SecurityContextHolderStrategy

A SecurityContextHolderStrategy that also uses the current VaadinSession, if available, to determine the SecurityContext. Otherwise the behavior is that of the default SecurityContextHolder.MODE_THREADLOCAL.

After authentication the SecurityContext is (unless configured otherwise) stored in the HTTP session via a HttpSessionSecurityContextRepository, which can be accessed wherever the current VaadinSession is available. However, security contexts with an anonymous authentication are not saved and instead recreated with every request by the AnonymousAuthenticationFilter. This means that when e.g. accessing the Vaadin UI from a background thread no authentication would be available; Spring Security however expects any kind of Authentication when checking access rights. For that reason the VaadinSecurityContextStorageServiceInitListener always stores the latest anonymous authentication in the Vaadin session.

Constructor Summary

Constructors

Constructor	Description
VaadinSecurityContextHolderStrategy()

Method Summary

Modifier and Type	Method	Description
void	clearContext()
org.springframework.security.core.context.SecurityContext	createEmptyContext()
org.springframework.security.core.context.SecurityContext	getContext()
void	setContext(org.springframework.security.core.context.SecurityContext context)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

VaadinSecurityContextHolderStrategy

public VaadinSecurityContextHolderStrategy()

Method Details

clearContext

public void clearContext()

Specified by:

clearContext in interface org.springframework.security.core.context.SecurityContextHolderStrategy

getContext

public org.springframework.security.core.context.SecurityContext getContext()

Specified by:

getContext in interface org.springframework.security.core.context.SecurityContextHolderStrategy

setContext

public void setContext(org.springframework.security.core.context.SecurityContext context)

Specified by:

setContext in interface org.springframework.security.core.context.SecurityContextHolderStrategy

createEmptyContext

public org.springframework.security.core.context.SecurityContext createEmptyContext()

Specified by:

createEmptyContext in interface org.springframework.security.core.context.SecurityContextHolderStrategy