Class WebSessionServerSecurityContextRepository

java.lang.Object
org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
All Implemented Interfaces:
ServerSecurityContextRepository

public class WebSessionServerSecurityContextRepository extends Object implements ServerSecurityContextRepository
Stores the SecurityContext in the WebSession. When a SecurityContext is saved, the session id is changed to prevent session fixation attacks.
Since:
5.0
  • Field Details

    • DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME

      public static final String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
      The default session attribute name to save and load the SecurityContext
  • Constructor Details

    • WebSessionServerSecurityContextRepository

      public WebSessionServerSecurityContextRepository()
  • Method Details

    • setSpringSecurityContextAttrName

      public void setSpringSecurityContextAttrName(String springSecurityContextAttrName)
      Sets the session attribute name used to save and load the SecurityContext
      Parameters:
      springSecurityContextAttrName - the session attribute name to use to save and load the SecurityContext
    • setCacheSecurityContext

      public void setCacheSecurityContext(boolean cacheSecurityContext)
      If set to true, the result of load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.
      Parameters:
      cacheSecurityContext - true if Mono.cache() should be used, else false.
    • save

      public reactor.core.publisher.Mono<Void> save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context)
      Description copied from interface: ServerSecurityContextRepository
      Saves the SecurityContext
      Specified by:
      save in interface ServerSecurityContextRepository
      Parameters:
      exchange - the exchange to associate to the SecurityContext
      context - the SecurityContext to save
      Returns:
      a completion notification (success or error)
    • load

      public reactor.core.publisher.Mono<SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)
      Description copied from interface: ServerSecurityContextRepository
      Loads the SecurityContext associated with the ServerWebExchange
      Specified by:
      load in interface ServerSecurityContextRepository
      Parameters:
      exchange - the exchange to look up the SecurityContext
      Returns:
      the SecurityContext that was looked up, or empty if not found. Never null.