Package org.springframework.security.web.context

Interface SecurityContextRepository

All Known Implementing Classes:

DelegatingSecurityContextRepository, HttpSessionSecurityContextRepository, NullSecurityContextRepository, RequestAttributeSecurityContextRepository

public interface SecurityContextRepository

Strategy used for persisting a SecurityContext between requests.

Used by SecurityContextPersistenceFilter to obtain the context which should be used for the current thread of execution and to store the context once it has been removed from thread-local storage and the request has completed.

The persistence mechanism used will depend on the implementation, but most commonly the HttpSession will be used to store the context.

Since:

3.0

See Also:

SecurityContextPersistenceFilter, HttpSessionSecurityContextRepository, SaveContextOnUpdateOrErrorResponseWrapper

Method Summary

Modifier and Type	Method	Description
boolean	containsContext(javax.servlet.http.HttpServletRequest request)	Allows the repository to be queried as to whether it contains a security context for the current request.
default java.util.function.Supplier<org.springframework.security.core.context.SecurityContext>	loadContext(javax.servlet.http.HttpServletRequest request)	Deprecated. Use loadDeferredContext(HttpServletRequest) instead
org.springframework.security.core.context.SecurityContext	loadContext(HttpRequestResponseHolder requestResponseHolder)	Deprecated. Use loadDeferredContext(HttpServletRequest) instead.
default org.springframework.security.core.context.DeferredSecurityContext	loadDeferredContext(javax.servlet.http.HttpServletRequest request)	Defers loading the SecurityContext using the HttpServletRequest until it is needed by the application.
void	saveContext(org.springframework.security.core.context.SecurityContext context, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Stores the security context on completion of a request.

Method Detail

loadContext

@Deprecated
org.springframework.security.core.context.SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder)

Deprecated.

Use loadDeferredContext(HttpServletRequest) instead.

Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.

The use of the HttpRequestResponseHolder parameter allows implementations to return wrapped versions of the request or response (or both), allowing them to access implementation-specific state for the request. The values obtained from the holder will be passed on to the filter chain and also to the saveContext method when it is finally called to allow implicit saves of the SecurityContext. Implementations may wish to return a subclass of SaveContextOnUpdateOrErrorResponseWrapper as the response object, which guarantees that the context is persisted when an error or redirect occurs. Implementations may allow passing in the original request response to allow explicit saves.

Parameters:

requestResponseHolder - holder for the current request and response for which the context should be loaded.

Returns:

The security context which should be used for the current request, never null.

loadContext

@Deprecated
default java.util.function.Supplier<org.springframework.security.core.context.SecurityContext> loadContext(javax.servlet.http.HttpServletRequest request)

Deprecated.

Use loadDeferredContext(HttpServletRequest) instead

Obtains the security context for the supplied request. For an unauthenticated user, an empty context implementation should be returned. This method should not return null.

Parameters:

request - the HttpServletRequest to load the SecurityContext from

Returns:

a Supplier that returns the SecurityContext which cannot be null.

Since:

5.7

loadDeferredContext

default org.springframework.security.core.context.DeferredSecurityContext loadDeferredContext(javax.servlet.http.HttpServletRequest request)

Defers loading the SecurityContext using the HttpServletRequest until it is needed by the application.

Parameters:

request - the HttpServletRequest to load the SecurityContext from

Returns:

a DeferredSecurityContext that returns the SecurityContext which cannot be null

Since:

5.8

saveContext

void saveContext(org.springframework.security.core.context.SecurityContext context,
                 javax.servlet.http.HttpServletRequest request,
                 javax.servlet.http.HttpServletResponse response)

Stores the security context on completion of a request.

Parameters:

context - the non-null context which was obtained from the holder.

request -

response -

containsContext

boolean containsContext(javax.servlet.http.HttpServletRequest request)

Allows the repository to be queried as to whether it contains a security context for the current request.

Parameters:

request - the current request

Returns:

true if a context is found for the request, false otherwise