Class SecurityContextHolderFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.web.filter.OncePerRequestFilter
-
- org.springframework.security.web.context.SecurityContextHolderFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class SecurityContextHolderFilter extends org.springframework.web.filter.OncePerRequestFilter
AFilter
that uses theSecurityContextRepository
to obtain theSecurityContext
and set it on theSecurityContextHolder
. This is similar toSecurityContextPersistenceFilter
except that theSecurityContextRepository.saveContext(SecurityContext, HttpServletRequest, HttpServletResponse)
must be explicitly invoked to save theSecurityContext
. This improves the efficiency and provides better flexibility by allowing different authentication mechanisms to choose individually if authentication should be persisted.- Since:
- 5.7
-
-
Constructor Summary
Constructors Constructor Description SecurityContextHolderFilter(SecurityContextRepository securityContextRepository)
Creates a new instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
void
setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use.void
setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch)
DisablesSecurityContextHolderFilter
for error dispatch.protected boolean
shouldNotFilterErrorDispatch()
-
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch
-
-
-
-
Constructor Detail
-
SecurityContextHolderFilter
public SecurityContextHolderFilter(SecurityContextRepository securityContextRepository)
Creates a new instance.- Parameters:
securityContextRepository
- the repository to use. Cannot be null.
-
-
Method Detail
-
doFilterInternal
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
- Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
javax.servlet.ServletException
java.io.IOException
-
shouldNotFilterErrorDispatch
protected boolean shouldNotFilterErrorDispatch()
- Overrides:
shouldNotFilterErrorDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setShouldNotFilterErrorDispatch
public void setShouldNotFilterErrorDispatch(boolean shouldNotFilterErrorDispatch)
DisablesSecurityContextHolderFilter
for error dispatch.- Parameters:
shouldNotFilterErrorDispatch
- if the Filter should be disabled for error dispatch. Default is false.
-
-