org.springframework.security.wrapper

Class SecurityContextHolderAwareRequestWrapper

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

Direct Known Subclasses:

SavedRequestAwareWrapper

public class SecurityContextHolderAwareRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object for isUserInRole(java.lang.String) and HttpServletRequestWrapper.getRemoteUser() responses.

Version:

$Id$

Author:

Orlando Garcia Carmona, Ben Alex

See Also:

SecurityContextHolderAwareRequestFilter

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor and Description
SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request, PortResolver portResolver, java.lang.String rolePrefix)

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.String	getRemoteUser() Returns the principal's name, as obtained from the SecurityContextHolder.
java.security.Principal	getUserPrincipal() Returns the Authentication (which is a subclass of Principal), or null if unavailable.
boolean	isUserInRole(java.lang.String role) Simple searches for an exactly matching GrantedAuthority.getAuthority().

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

authenticate, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout

Methods inherited from class javax.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Constructor Detail

SecurityContextHolderAwareRequestWrapper

public SecurityContextHolderAwareRequestWrapper(javax.servlet.http.HttpServletRequest request,
                                        PortResolver portResolver,
                                        java.lang.String rolePrefix)

Method Detail

getRemoteUser

public java.lang.String getRemoteUser()

Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Specified by:

getRemoteUser in interface javax.servlet.http.HttpServletRequest

Overrides:

getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper

Returns:

the username or null if unavailable

getUserPrincipal

public java.security.Principal getUserPrincipal()

Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Specified by:

getUserPrincipal in interface javax.servlet.http.HttpServletRequest

Overrides:

getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper

Returns:

the Authentication, or null

isUserInRole

public boolean isUserInRole(java.lang.String role)

Simple searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with nullprincipal and/or GrantedAuthority[] objects.

Specified by:

isUserInRole in interface javax.servlet.http.HttpServletRequest

Overrides:

isUserInRole in class javax.servlet.http.HttpServletRequestWrapper

Parameters:

role - the GrantedAuthorityString representation to check for

Returns:

true if an exact (case sensitive) matching granted authority is located, false otherwise