org.springframework.security.web.server.context

Class WebSessionServerSecurityContextRepository

java.lang.Object

org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

All Implemented Interfaces:

ServerSecurityContextRepository

public class WebSessionServerSecurityContextRepository
extends java.lang.Object
implements ServerSecurityContextRepository

Stores the SecurityContext in the WebSession. When a SecurityContext is saved, the session id is changed to prevent session fixation attacks.

Since:

5.0

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME The default session attribute name to save and load the SecurityContext

Constructor Summary

Constructors

Constructor and Description
WebSessionServerSecurityContextRepository()

Method Summary

Modifier and Type	Method and Description
reactor.core.publisher.Mono<org.springframework.security.core.context.SecurityContext>	load(org.springframework.web.server.ServerWebExchange exchange) Loads the SecurityContext associated with the ServerWebExchange
reactor.core.publisher.Mono<java.lang.Void>	save(org.springframework.web.server.ServerWebExchange exchange, org.springframework.security.core.context.SecurityContext context) Saves the SecurityContext
void	setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName) Sets the session attribute name used to save and load the SecurityContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME

public static final java.lang.String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME

The default session attribute name to save and load the SecurityContext

See Also:

Constant Field Values

Constructor Detail

WebSessionServerSecurityContextRepository

public WebSessionServerSecurityContextRepository()

Method Detail

setSpringSecurityContextAttrName

public void setSpringSecurityContextAttrName(java.lang.String springSecurityContextAttrName)

Sets the session attribute name used to save and load the SecurityContext

Parameters:

springSecurityContextAttrName - the session attribute name to use to save and load the SecurityContext

save

public reactor.core.publisher.Mono<java.lang.Void> save(org.springframework.web.server.ServerWebExchange exchange,
                                                        org.springframework.security.core.context.SecurityContext context)

Description copied from interface: ServerSecurityContextRepository

Saves the SecurityContext

Specified by:

save in interface ServerSecurityContextRepository

Parameters:

exchange - the exchange to associate to the SecurityContext

context - the SecurityContext to save

Returns:

a completion notification (success or error)

load

public reactor.core.publisher.Mono<org.springframework.security.core.context.SecurityContext> load(org.springframework.web.server.ServerWebExchange exchange)

Description copied from interface: ServerSecurityContextRepository

Loads the SecurityContext associated with the ServerWebExchange

Specified by:

load in interface ServerSecurityContextRepository

Parameters:

exchange - the exchange to look up the SecurityContext

Returns:

the SecurityContext to lookup or empty if not found. Never null