Steve Riesenberg
commit
1a3be83084
|
|
@ -114,6 +114,72 @@ public SecurityFilterChain filterChain(HttpSecurity http) {
|
|||
----
|
||||
====
|
||||
|
||||
[[delegatingsecuritycontextrepository]]
|
||||
=== DelegatingSecurityContextRepository
|
||||
|
||||
The {security-api-url}org/springframework/security/web/context/DelegatingSecurityContextRepository.html[`DelegatingSecurityContextRepository`] saves the `SecurityContext` to multiple `SecurityContextRepository` delegates and allows retrieval from any of the delegates in a specified order.
|
||||
|
||||
The most useful arrangement for this is configured with the following example, which allows the use of both xref:requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`] and xref:httpsecuritycontextrepository[`HttpSessionSecurityContextRepository`] simultaneously.
|
||||
|
||||
.Configure DelegatingSecurityContextRepository
|
||||
====
|
||||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.securityContext((securityContext) -> securityContext
|
||||
.securityContextRepository(new DelegatingSecurityContextRepository(
|
||||
new RequestAttributeSecurityContextRepository(),
|
||||
new HttpSessionSecurityContextRepository()
|
||||
))
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
http {
|
||||
// ...
|
||||
securityContext {
|
||||
securityContextRepository = DelegatingSecurityContextRepository(
|
||||
RequestAttributeSecurityContextRepository(),
|
||||
HttpSessionSecurityContextRepository()
|
||||
)
|
||||
}
|
||||
}
|
||||
return http.build()
|
||||
}
|
||||
----
|
||||
|
||||
.XML
|
||||
[source,xml,role="secondary"]
|
||||
----
|
||||
<http security-context-repository-ref="contextRepository">
|
||||
<!-- ... -->
|
||||
</http>
|
||||
<bean name="contextRepository"
|
||||
class="org.springframework.security.web.context.DelegatingSecurityContextRepository">
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.web.context.RequestAttributeSecurityContextRepository" />
|
||||
</constructor-arg>
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
----
|
||||
====
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
In Spring Security 6, the example shown above is the default configuration.
|
||||
====
|
||||
|
||||
[[securitycontextpersistencefilter]]
|
||||
== SecurityContextPersistenceFilter
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -33,6 +33,7 @@ import org.springframework.web.util.WebUtils;
|
|||
* AngularJS. When using with AngularJS be sure to use {@link #withHttpOnlyFalse()}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @author Steve Riesenberg
|
||||
* @since 4.1
|
||||
*/
|
||||
public final class CookieCsrfTokenRepository implements CsrfTokenRepository {
|
||||
|
|
|
|||
Loading…
Reference in New Issue