SecurityContextPersistenceFilter

extends GenericFilterBean

java.lang.Object
↳	org.springframework.web.filter.GenericFilterBean
	↳	org.springframework.security.web.context.SecurityContextPersistenceFilter

Class Overview

Populates the SecurityContextHolder with information obtained from the configured SecurityContextRepository prior to the request and stores it back in the repository once the request has completed and clearing the context holder. By default it uses an HttpSessionSecurityContextRepository. See this class for information HttpSession related configuration options.

This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.

This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder to contain a valid SecurityContext by the time they execute.

This is essentially a refactoring of the old HttpSessionContextIntegrationFilter to delegate the storage issues to a separate strategy, allowing for more customization in the way the security context is maintained between requests.

The forceEagerSessionCreation property can be used to ensure that a session is always available before the filter chain executes (the default is false, as this is resource intensive and not recommended).

Summary

[Expand]

Inherited Fields

From class org.springframework.web.filter.GenericFilterBean

Public Constructors
	SecurityContextPersistenceFilter()
	SecurityContextPersistenceFilter(SecurityContextRepository repo)

Public Methods
void	doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
void	setForceEagerSessionCreation(boolean forceEagerSessionCreation)
void	setSecurityContextRepository(SecurityContextRepository repo) This method is deprecated. Use constructor injection

[Expand]

Inherited Methods

From class org.springframework.web.filter.GenericFilterBean

final void	addRequiredProperty(String arg0)
void	afterPropertiesSet()
void	destroy()
final FilterConfig	getFilterConfig()
final String	getFilterName()
final ServletContext	getServletContext()
final void	init(FilterConfig arg0)
void	initBeanWrapper(BeanWrapper arg0)
void	initFilterBean()
final void	setBeanName(String arg0)
final void	setFilterConfig(FilterConfig arg0)
final void	setServletContext(ServletContext arg0)

From class java.lang.Object

From interface javax.servlet.Filter

From interface org.springframework.beans.factory.BeanNameAware

From interface org.springframework.beans.factory.DisposableBean

From interface org.springframework.beans.factory.InitializingBean

From interface org.springframework.web.context.ServletContextAware

Public Constructors

public SecurityContextPersistenceFilter ()

public SecurityContextPersistenceFilter (SecurityContextRepository repo)

Public Methods

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws

IOException
ServletException

public void setForceEagerSessionCreation (boolean forceEagerSessionCreation)

public void setSecurityContextRepository (SecurityContextRepository repo)

This method is deprecated.
Use constructor injection

Interfaces

Classes