Document DelegatingSecurityContextRepository
Closes gh-12069
This commit is contained in:
Steve Riesenberg
parent
57b163bb78
commit
9071f10759
|
|
@ -114,6 +114,72 @@ public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||||
----
|
----
|
||||||
====
|
====
|
||||||
|
|
||||||
|
[[delegatingsecuritycontextrepository]]
|
||||||
|
=== DelegatingSecurityContextRepository
|
||||||
|
|
||||||
|
The {security-api-url}org/springframework/security/web/context/DelegatingSecurityContextRepository.html[`DelegatingSecurityContextRepository`] saves the `SecurityContext` to multiple `SecurityContextRepository` delegates and allows retrieval from any of the delegates in a specified order.
|
||||||
|
|
||||||
|
The most useful arrangement for this is configured with the following example, which allows the use of both xref:requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`] and xref:httpsecuritycontextrepository[`HttpSessionSecurityContextRepository`] simultaneously.
|
||||||
|
|
||||||
|
.Configure DelegatingSecurityContextRepository
|
||||||
|
====
|
||||||
|
.Java
|
||||||
|
[source,java,role="primary"]
|
||||||
|
----
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
// ...
|
||||||
|
.securityContext((securityContext) -> securityContext
|
||||||
|
.securityContextRepository(new DelegatingSecurityContextRepository(
|
||||||
|
new RequestAttributeSecurityContextRepository(),
|
||||||
|
new HttpSessionSecurityContextRepository()
|
||||||
|
))
|
||||||
|
);
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
----
|
||||||
|
|
||||||
|
.Kotlin
|
||||||
|
[source,kotlin,role="secondary"]
|
||||||
|
----
|
||||||
|
@Bean
|
||||||
|
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||||
|
http {
|
||||||
|
// ...
|
||||||
|
securityContext {
|
||||||
|
securityContextRepository = DelegatingSecurityContextRepository(
|
||||||
|
RequestAttributeSecurityContextRepository(),
|
||||||
|
HttpSessionSecurityContextRepository()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return http.build()
|
||||||
|
}
|
||||||
|
----
|
||||||
|
|
||||||
|
.XML
|
||||||
|
[source,xml,role="secondary"]
|
||||||
|
----
|
||||||
|
<http security-context-repository-ref="contextRepository">
|
||||||
|
<!-- ... -->
|
||||||
|
</http>
|
||||||
|
<bean name="contextRepository"
|
||||||
|
class="org.springframework.security.web.context.DelegatingSecurityContextRepository">
|
||||||
|
<constructor-arg>
|
||||||
|
<bean class="org.springframework.security.web.context.RequestAttributeSecurityContextRepository" />
|
||||||
|
</constructor-arg>
|
||||||
|
<constructor-arg>
|
||||||
|
<bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
|
||||||
|
</constructor-arg>
|
||||||
|
</bean>
|
||||||
|
----
|
||||||
|
====
|
||||||
|
|
||||||
|
[NOTE]
|
||||||
|
====
|
||||||
|
In Spring Security 6, the example shown above is the default configuration.
|
||||||
|
====
|
||||||
|
|
||||||
[[securitycontextpersistencefilter]]
|
[[securitycontextpersistencefilter]]
|
||||||
== SecurityContextPersistenceFilter
|
== SecurityContextPersistenceFilter
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue