Example usage for org.springframework.security.web.context HttpRequestResponseHolder setResponse

List of usage examples for org.springframework.security.web.context HttpRequestResponseHolder setResponse

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.web.context.*
  5. HttpRequestResponseHolder
  6. setResponse

Introduction

In this page you can find the example usage for org.springframework.security.web.context HttpRequestResponseHolder setResponse.

Prototype

public void setResponse(HttpServletResponse response)

Source Link

Usage

From source file:au.gov.dto.dibp.appointments.security.context.CookieBasedSecurityContextRepository.java

@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    SaveToCookieResponseWrapper responseWrapper = new SaveToCookieResponseWrapper(
            requestResponseHolder.getRequest(), requestResponseHolder.getResponse(), true);
    requestResponseHolder.setResponse(responseWrapper);
    return securityContextSerializer.deserialize(requestResponseHolder.getRequest(),
            requestResponseHolder.getResponse());
}

From source file:au.gov.dto.springframework.security.web.context.CookieSecurityContextRepository.java

/**
 * Obtains the security context for the supplied request. For an unauthenticated user, an empty context
 * implementation should be returned. This method should not return null.
 * <p>// w  ww.j a v a2s. c  om
 * The use of the <tt>HttpRequestResponseHolder</tt> parameter allows implementations to return wrapped versions of
 * the request or response (or both), allowing them to access implementation-specific state for the request.
 * The values obtained from the holder will be passed on to the filter chain and also to the <tt>saveContext</tt>
 * method when it is finally called. Implementations may wish to return a subclass of
 * {@link SaveContextOnUpdateOrErrorResponseWrapper} as the response object, which guarantees that the context is
 * persisted when an error or redirect occurs.
 *
 * @param requestResponseHolder holder for the current request and response for which the context should be loaded.
 *
 * @return The security context which should be used for the current request, never null.
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest request = requestResponseHolder.getRequest();
    HttpServletResponse response = requestResponseHolder.getResponse();
    requestResponseHolder.setResponse(new SaveToCookieResponseWrapper(request, response));
    Cookie authenticationCookie = getAuthenticationCookie(request);
    if (authenticationCookie == null) {
        return SecurityContextHolder.createEmptyContext();
    }
    String serialisedAuthentication = tokenEncryption.decryptAndVerify(authenticationCookie.getValue());
    if (serialisedAuthentication == null) {
        response.addCookie(createExpireAuthenticationCookie(request));
        return SecurityContextHolder.createEmptyContext();
    }
    Authentication authentication = authenticationSerializer.deserialize(serialisedAuthentication);
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(authentication);
    return securityContext;
}

From source file:org.carewebframework.security.spring.DesktopSecurityContextRepository.java

/**
 * Gets the security context for the current request (if available) and returns it.
 * <p>/* w ww .  ja  v a  2  s  .co m*/
 * If the session is null, the context object is null or the context object stored in the
 * session is not an instance of <tt>SecurityContext</tt>, a new context object will be
 * generated and returned.
 * <p>
 * If <tt>cloneFromHttpSession</tt> is set to true, it will attempt to clone the context object
 * first and return the cloned instance.
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest request = requestResponseHolder.getRequest();
    HttpServletResponse response = requestResponseHolder.getResponse();
    HttpSession httpSession = request.getSession(false);
    SecurityContext context = readSecurityContextFromRequest(request);

    if (context == null) {
        if (log.isDebugEnabled()) {
            log.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
                    + "A new one will be created.");
        }
        context = generateNewContext();

    }

    requestResponseHolder
            .setResponse(new SaveToSessionResponseWrapper(response, request, httpSession != null, context));

    return context;
}

From source file:org.springframework.security.web.context.HttpSessionSecurityContextRepository.java

/**
 * Gets the security context for the current request (if available) and returns it.
 * <p>//  w  w  w .  j  a va 2s .  com
 * If the session is null, the context object is null or the context object stored in
 * the session is not an instance of {@code SecurityContext}, a new context object
 * will be generated and returned.
 */
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    HttpServletRequest request = requestResponseHolder.getRequest();
    HttpServletResponse response = requestResponseHolder.getResponse();
    HttpSession httpSession = request.getSession(false);

    SecurityContext context = readSecurityContextFromSession(httpSession);

    if (context == null) {
        if (logger.isDebugEnabled()) {
            logger.debug("No SecurityContext was available from the HttpSession: " + httpSession + ". "
                    + "A new one will be created.");
        }
        context = generateNewContext();

    }

    SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request,
            httpSession != null, context);
    requestResponseHolder.setResponse(wrappedResponse);

    requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));

    return context;
}