Document DelegatingSecurityContextRepository
Closes gh-12069
This commit is contained in:
Steve Riesenberg
parent
57b163bb78
commit
9071f10759
|
|
@ -114,6 +114,72 @@ public SecurityFilterChain filterChain(HttpSecurity http) {
|
|||
----
|
||||
====
|
||||
|
||||
[[delegatingsecuritycontextrepository]]
|
||||
=== DelegatingSecurityContextRepository
|
||||
|
||||
The {security-api-url}org/springframework/security/web/context/DelegatingSecurityContextRepository.html[`DelegatingSecurityContextRepository`] saves the `SecurityContext` to multiple `SecurityContextRepository` delegates and allows retrieval from any of the delegates in a specified order.
|
||||
|
||||
The most useful arrangement for this is configured with the following example, which allows the use of both xref:requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`] and xref:httpsecuritycontextrepository[`HttpSessionSecurityContextRepository`] simultaneously.
|
||||
|
||||
.Configure DelegatingSecurityContextRepository
|
||||
====
|
||||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.securityContext((securityContext) -> securityContext
|
||||
.securityContextRepository(new DelegatingSecurityContextRepository(
|
||||
new RequestAttributeSecurityContextRepository(),
|
||||
new HttpSessionSecurityContextRepository()
|
||||
))
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
|
||||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Bean
|
||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
http {
|
||||
// ...
|
||||
securityContext {
|
||||
securityContextRepository = DelegatingSecurityContextRepository(
|
||||
RequestAttributeSecurityContextRepository(),
|
||||
HttpSessionSecurityContextRepository()
|
||||
)
|
||||
}
|
||||
}
|
||||
return http.build()
|
||||
}
|
||||
----
|
||||
|
||||
.XML
|
||||
[source,xml,role="secondary"]
|
||||
----
|
||||
<http security-context-repository-ref="contextRepository">
|
||||
<!-- ... -->
|
||||
</http>
|
||||
<bean name="contextRepository"
|
||||
class="org.springframework.security.web.context.DelegatingSecurityContextRepository">
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.web.context.RequestAttributeSecurityContextRepository" />
|
||||
</constructor-arg>
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
----
|
||||
====
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
In Spring Security 6, the example shown above is the default configuration.
|
||||
====
|
||||
|
||||
[[securitycontextpersistencefilter]]
|
||||
== SecurityContextPersistenceFilter
|
||||
|
|
|
|||
Loading…
Reference in New Issue