org.springframework.security.web.servletapi
Class SecurityContextHolderAwareRequestWrapper

java.lang.Object
  extended by javax.servlet.ServletRequestWrapper
      extended by javax.servlet.http.HttpServletRequestWrapper
          extended by org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
All Implemented Interfaces:
HttpServletRequest, ServletRequest

public class SecurityContextHolderAwareRequestWrapper
extends HttpServletRequestWrapper

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods isUserInRole(String) and HttpServletRequestWrapper.getRemoteUser().

Version:
$Id: SecurityContextHolderAwareRequestWrapper.java 3925 2009-10-05 19:28:53Z ltaylor $
Author:
Orlando Garcia Carmona, Ben Alex, Luke Taylor
See Also:
SecurityContextHolderAwareRequestFilter

Field Summary
 
Fields inherited from interface javax.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
 
Constructor Summary
SecurityContextHolderAwareRequestWrapper(HttpServletRequest request, String rolePrefix)
           
 
Method Summary
 String getRemoteUser()
          Returns the principal's name, as obtained from the SecurityContextHolder.
 Principal getUserPrincipal()
          Returns the Authentication (which is a subclass of Principal), or null if unavailable.
 boolean isUserInRole(String role)
          Simply searches for an exactly matching GrantedAuthority.getAuthority().
 
Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid
 
Methods inherited from class javax.servlet.ServletRequestWrapper
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.servlet.ServletRequest
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding
 

Constructor Detail

SecurityContextHolderAwareRequestWrapper

public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request,
                                                String rolePrefix)

Method Detail

getRemoteUser

public String getRemoteUser()
Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles both String-based and UserDetails-based principals.

Specified by:
getRemoteUser in interface HttpServletRequest
Overrides:
getRemoteUser in class HttpServletRequestWrapper
Returns:
the username or null if unavailable

getUserPrincipal

public Principal getUserPrincipal()
Returns the Authentication (which is a subclass of Principal), or null if unavailable.

Specified by:
getUserPrincipal in interface HttpServletRequest
Overrides:
getUserPrincipal in class HttpServletRequestWrapper
Returns:
the Authentication, or null

isUserInRole

public boolean isUserInRole(String role)
Simply searches for an exactly matching GrantedAuthority.getAuthority().

Will always return false if the SecurityContextHolder contains an Authentication with null principal and/or GrantedAuthority[] objects.

Specified by:
isUserInRole in interface HttpServletRequest
Overrides:
isUserInRole in class HttpServletRequestWrapper
Parameters:
role - the GrantedAuthority String representation to check for
Returns:
true if an exact (case sensitive) matching granted authority is located, false otherwise
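
The following is an added example, not part of the Spring Security documentation or code base, showing how the exact, case-sensitive match and the null-when-unavailable behaviour described above appear to calling code. It assumes spring-test's MockHttpServletRequest is on the classpath and that rolePrefix is prepended to the role argument before comparison (this page does not state that); the class name IsUserInRoleDemo and the sample user are constructed.

```java
import org.springframework.mock.web.MockHttpServletRequest;   // spring-test, assumed available
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

public class IsUserInRoleDemo {

    // Fail loudly without relying on the JVM's -ea flag.
    static void check(boolean condition, String message) {
        if (!condition) throw new IllegalStateException(message);
    }

    public static void main(String[] args) {
        // Constructed sample: String principal "alice" holding a single authority.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("alice", "n/a",
                        AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
        try {
            // Assumption: "ROLE_" is prepended to the argument before matching.
            SecurityContextHolderAwareRequestWrapper request =
                    new SecurityContextHolderAwareRequestWrapper(new MockHttpServletRequest(), "ROLE_");

            check("alice".equals(request.getRemoteUser()), "String principal is the remote user");
            check(request.getUserPrincipal() != null, "Authentication is exposed as the Principal");

            check(request.isUserInRole("ADMIN"), "ROLE_ + ADMIN matches ROLE_ADMIN exactly");
            check(!request.isUserInRole("admin"), "match is case sensitive");
            check(!request.isUserInRole("ROLE_ADMIN"), "prefix applied twice gives ROLE_ROLE_ADMIN");
            check(!request.isUserInRole("ADMINISTRATOR"), "no substring or partial matching");

            // No Authentication in the context: accessors return null or false.
            SecurityContextHolder.clearContext();
            check(request.getRemoteUser() == null, "no user without an Authentication");
            check(request.getUserPrincipal() == null, "no principal without an Authentication");
            check(!request.isUserInRole("ADMIN"), "no roles without an Authentication");
        } finally {
            // Do not leave the context bound to this thread for the next request.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Because the comparison is exact, authorization checks that pass an already-prefixed or differently cased role name fail closed (return false) rather than matching loosely.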


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.