Class SecurityContextPersistenceFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.context.SecurityContextPersistenceFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
@Deprecated public class SecurityContextPersistenceFilter extends org.springframework.web.filter.GenericFilterBean
Deprecated.Populates theSecurityContextHolder
with information obtained from the configuredSecurityContextRepository
prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses anHttpSessionSecurityContextRepository
. See this class for information HttpSession related configuration options.This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.
This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the
SecurityContextHolder
to contain a validSecurityContext
by the time they execute.This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.
The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is
false
, as this is resource intensive and not recommended).- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description SecurityContextPersistenceFilter()
Deprecated.SecurityContextPersistenceFilter(SecurityContextRepository repo)
Deprecated.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Deprecated.void
setForceEagerSessionCreation(boolean forceEagerSessionCreation)
Deprecated.void
setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
Deprecated.Sets theSecurityContextHolderStrategy
to use.
-
-
-
Constructor Detail
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter()
Deprecated.
-
SecurityContextPersistenceFilter
public SecurityContextPersistenceFilter(SecurityContextRepository repo)
Deprecated.
-
-
Method Detail
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Deprecated.- Throws:
java.io.IOException
javax.servlet.ServletException
-
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
Deprecated.
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
Deprecated.Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
-