Class WebSessionServerSecurityContextRepository
java.lang.Object
org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- All Implemented Interfaces:
ServerSecurityContextRepository
public class WebSessionServerSecurityContextRepository
extends Object
implements ServerSecurityContextRepository
Stores the
SecurityContext
in the
WebSession
. When a SecurityContext
is
saved, the session id is changed to prevent session fixation attacks.- Since:
- 5.0
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The default session attribute name to save and load theSecurityContext
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<SecurityContext>
load
(org.springframework.web.server.ServerWebExchange exchange) Loads the SecurityContext associated with theServerWebExchange
reactor.core.publisher.Mono<Void>
save
(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context) Saves the SecurityContextvoid
setCacheSecurityContext
(boolean cacheSecurityContext) If set to true the result ofload(ServerWebExchange)
will useMono.cache()
to prevent multiple lookups.void
setSpringSecurityContextAttrName
(String springSecurityContextAttrName) Sets the session attribute name used to save and load theSecurityContext
-
Field Details
-
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME
The default session attribute name to save and load theSecurityContext
- See Also:
-
-
Constructor Details
-
WebSessionServerSecurityContextRepository
public WebSessionServerSecurityContextRepository()
-
-
Method Details
-
setSpringSecurityContextAttrName
Sets the session attribute name used to save and load theSecurityContext
- Parameters:
springSecurityContextAttrName
- the session attribute name to use to save and load theSecurityContext
-
setCacheSecurityContext
public void setCacheSecurityContext(boolean cacheSecurityContext) If set to true the result ofload(ServerWebExchange)
will useMono.cache()
to prevent multiple lookups.- Parameters:
cacheSecurityContext
- true ifMono.cache()
should be used, else false.
-
save
public reactor.core.publisher.Mono<Void> save(org.springframework.web.server.ServerWebExchange exchange, SecurityContext context) Description copied from interface:ServerSecurityContextRepository
Saves the SecurityContext- Specified by:
save
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to associate to the SecurityContextcontext
- the SecurityContext to save- Returns:
- a completion notification (success or error)
-
load
public reactor.core.publisher.Mono<SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange) Description copied from interface:ServerSecurityContextRepository
Loads the SecurityContext associated with theServerWebExchange
- Specified by:
load
in interfaceServerSecurityContextRepository
- Parameters:
exchange
- the exchange to look up theSecurityContext
- Returns:
- the
SecurityContext
to lookup or empty if not found. Never null
-