@groovy.transform.CompileStatic @groovy.util.logging.Slf4j class SecurityRequestHolderFilter extends GenericFilterBean
Stores the request and response in the SecurityRequestHolder. Also wraps the request in a wrapper that is aware of the X-Forwarded-Proto header and returns the correct value from isSecure(), getScheme(), and getServerPort() if the header is present.
| Type | Name and description |
|---|---|
java.lang.String |
insecureHeaderName |
java.lang.String |
insecureHeaderValue |
PortMapper |
portMapper |
PortResolver |
portResolver |
java.lang.String |
secureHeaderName |
java.lang.String |
secureHeaderValue |
boolean |
useHeaderCheckChannelSecurity |
| Constructor and description |
|---|
SecurityRequestHolderFilter() |
| Type Params | Return Type | Name and description |
|---|---|---|
|
void |
doFilter(ServletRequest req, ServletResponse response, FilterChain chain) |
|
protected HttpServletRequest |
wrapRequest(HttpServletRequest request)If using header check channel security, look for the specified header (typically 'X-Forwarded-Proto') and if found, return a request wrapper that returns the correct values for isSecure(), getScheme(), and getServerPort(). |
If using header check channel security, look for the specified header (typically 'X-Forwarded-Proto') and if found, return a request wrapper that returns the correct values for isSecure(), getScheme(), and getServerPort(). Note that the values are switched intentionally since they're configured for channel security.
request - the original request