
Thread: What is SecurityContextHolderAwareRequestFilter?

  1. #1
    Join Date
    Feb 2012
    Posts
    9

    Question What is SecurityContextHolderAwareRequestFilter?

    Hi, I am new to the Spring Security Framework.
    Can anyone please tell me what the SecurityContextHolderAwareRequestFilter is,
    and when I can use this filter?
    I have referred to many URLs from Google but am not getting it exactly.

  2. #2
    Join Date
    May 2006
    Location
    Madrid
    Posts
    382


    SecurityContextHolderAwareRequestFilter provides the standard servlet API security methods, using a request wrapper which accesses the SecurityContext.

    For instance, if you want to ask for the user in this way:

    Code:
    <c:if test="${pageContext['request'].userPrincipal != null}">
    You'll need Spring Security to put that information in the Servlet API.

    See B.1.2 http namespace to see how it can be configured (since it's optional). Basically, use servlet-api-provision.

    It'll be placed in fifth place in the filter chain. See 8.3 Filter Ordering.

  3. #3
    Join Date
    Feb 2012
    Posts
    9


    Thanks in advance.
    Can you please explain in detail?

  4. #4
    Join Date
    May 2006
    Location
    Madrid
    Posts
    382


    I don't understand your question.

    Maybe the best option is to take a look at the Spring Security site, where you can find a lot of documentation (Getting Started, tutorials and so on).

    Furthermore, it recommends a book that I found very useful to understand Spring Security: Spring Security book

    In fact, there's little detail to explain.

    If you find you need calls to the HttpServletRequest interface in your code (something like req.isUserInRole("ADMIN"), req.getAuthentication(), req.getRemoteUser()...), SecurityContextHolderAwareRequestFilter will allow you to use them, because this filter populates the ServletRequest so that you can use the servlet API security methods (the ones shown a few words earlier).

    Just a clarification: servlet-api-provision defaults to true, so you don't need to specify it in the http tag from the security namespace.

    I mean, you have it configured just with:

    Code:
    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
        <logout logout-url="/resources/j_spring_security_logout"/>

        <!-- Configure these elements to secure URIs in your application -->
        <intercept-url pattern="/**" access="permitAll" />
    </http>

    <!-- Etc... -->
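
The request-wrapper mechanism described in this thread, as an added example that is not part of the original posts and is not Spring Security's own code. It is a plain-JDK model: `Auth`, `CONTEXT`, `SecurityAwareRequest` and the `"ROLE_"` prefix are hypothetical stand-ins, and treating an anonymous authentication as "no user" is an assumption of the model.

```java
import java.util.Set;

// Simplified model, all names hypothetical: a thread-bound security context and a
// request wrapper that answers servlet-style security methods from that context.
public class WrapperDemo {
    record Auth(String name, Set<String> authorities, boolean anonymous) {}

    // Stand-in for the security context holder: authentication bound to the current thread.
    static final ThreadLocal<Auth> CONTEXT = new ThreadLocal<>();

    // Stand-in for the wrapped request that the rest of the filter chain receives.
    static class SecurityAwareRequest {
        private final String rolePrefix; // assumed prefix, prepended before the lookup

        SecurityAwareRequest(String rolePrefix) { this.rolePrefix = rolePrefix; }

        // Missing and anonymous authentications both count as "no user", so a
        // userPrincipal != null style check cannot pass for an anonymous visitor.
        private Auth current() {
            Auth a = CONTEXT.get();
            return (a == null || a.anonymous()) ? null : a;
        }

        String getRemoteUser() {
            Auth a = current();
            return a == null ? null : a.name();
        }

        boolean isUserInRole(String role) {
            Auth a = current();
            return a != null && a.authorities().contains(rolePrefix + role);
        }
    }

    static String describe(String label, SecurityAwareRequest req) {
        return label + ": user=" + req.getRemoteUser() + " admin=" + req.isUserInRole("ADMIN");
    }

    public static void main(String[] args) {
        SecurityAwareRequest req = new SecurityAwareRequest("ROLE_");
        try {
            System.out.println(describe("no authentication", req));
            CONTEXT.set(new Auth("anonymousUser", Set.of("ROLE_ANONYMOUS"), true)); // constructed sample
            System.out.println(describe("anonymous", req));
            CONTEXT.set(new Auth("alice", Set.of("ROLE_ADMIN"), false));            // constructed sample
            System.out.println(describe("authenticated", req));
        } finally {
            CONTEXT.remove(); // never leak one request's identity to the next user of this thread
        }
    }
}
```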
