Class WebSessionServerSecurityContextRepository

  • All Implemented Interfaces:
    ServerSecurityContextRepository

    public class WebSessionServerSecurityContextRepository
    extends java.lang.Object
    implements ServerSecurityContextRepository
    Stores the SecurityContext in the WebSession. When a SecurityContext is saved, the session id is changed to prevent session fixation attacks.
    Since:
    5.0
    • Method Summary

      Modifier and Type Method Description
      reactor.core.publisher.Mono<org.springframework.security.core.context.SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
      Loads the SecurityContext associated with the ServerWebExchange
      reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange, org.springframework.security.core.context.SecurityContext context)
      Saves the SecurityContext
      void setCacheSecurityContext(boolean cacheSecurityContext)
      If set to true, the result of load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.
      void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
      Sets the session attribute name used to save and load the SecurityContext
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME

        public static final java.lang.String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
        The default session attribute name to save and load the SecurityContext
        See Also:
        Constant Field Values
    • Constructor Detail

      • WebSessionServerSecurityContextRepository

        public WebSessionServerSecurityContextRepository()
    • Method Detail

      • setSpringSecurityContextAttrName

        public void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)
        Sets the session attribute name used to save and load the SecurityContext
        Parameters:
        springSecurityContextAttrName - the session attribute name to use to save and load the SecurityContext
      • setCacheSecurityContext

        public void setCacheSecurityContext(boolean cacheSecurityContext)
        If set to true, the result of load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.
        Parameters:
        cacheSecurityContext - true if Mono.cache() should be used, else false.
      • save

        public reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange,
                                                                org.springframework.security.core.context.SecurityContext context)
        Description copied from interface: ServerSecurityContextRepository
        Saves the SecurityContext
        Specified by:
        save in interface ServerSecurityContextRepository
        Parameters:
        exchange - the exchange to associate with the SecurityContext
        context - the SecurityContext to save
        Returns:
        a completion notification (success or error)
      • load

        public reactor.core.publisher.Mono<org.springframework.security.core.context.SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
        Description copied from interface: ServerSecurityContextRepository
        Loads the SecurityContext associated with the ServerWebExchange
        Specified by:
        load in interface ServerSecurityContextRepository
        Parameters:
        exchange - the exchange used to look up the SecurityContext
        Returns:
        the SecurityContext that was looked up, or empty if not found. Never null
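
The session id change on save(), described in the class summary above, can be observed directly. The following is an added example, not code from the Spring Security documentation or project; it assumes spring-test, spring-webflux and reactor-core are on the classpath, and the class name SessionIdRotationDemo, the attribute name DEMO_SECURITY_CONTEXT and the user "alice" are constructed for illustration.

```java
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
import org.springframework.web.server.WebSession;

// Hypothetical demo class; every name and value below is constructed.
public class SessionIdRotationDemo {

    static final String ATTR = "DEMO_SECURITY_CONTEXT"; // constructed attribute name

    public static void main(String[] args) {
        WebSessionServerSecurityContextRepository repository =
                new WebSessionServerSecurityContextRepository();
        repository.setSpringSecurityContextAttrName(ATTR);

        // Mock exchange standing in for an unauthenticated request.
        MockServerWebExchange exchange =
                MockServerWebExchange.from(MockServerHttpRequest.get("/login"));
        WebSession session = exchange.getSession().block();
        String idBeforeSave = session.getId();

        // Nothing stored yet: load() completes empty, so block() yields null.
        if (repository.load(exchange).block() != null) {
            throw new IllegalStateException("expected no SecurityContext before save()");
        }

        SecurityContext context = new SecurityContextImpl(
                new UsernamePasswordAuthenticationToken("alice", "n/a",
                        AuthorityUtils.createAuthorityList("ROLE_USER")));
        repository.save(exchange, context).block();

        // save() must have rotated the id, so an id known before login is stale.
        if (idBeforeSave.equals(session.getId())) {
            throw new IllegalStateException("session id was not changed by save()");
        }
        // The context is stored under the configured attribute and load() returns it.
        if (session.getAttributes().get(ATTR) != context) {
            throw new IllegalStateException("context not stored under " + ATTR);
        }
        SecurityContext loaded = repository.load(exchange).block();
        if (loaded == null || !"alice".equals(loaded.getAuthentication().getName())) {
            throw new IllegalStateException("load() did not return the saved context");
        }
        System.out.println("id before save: " + idBeforeSave + ", after: " + session.getId());
    }
}
```

A check like this is useful as a regression test when swapping in a custom WebSession store, since the fixation defence depends on the store honouring the id change.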