Home/ Questions/Q 8209805
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T09:51:18+00:00

I am using Spring and Spring-Security in a Vaadin application. I want to check

  • 0

I am using Spring and Spring-Security in a Vaadin application.

I want to check if the user has a certain role using SecurityContextHolderAwareRequestWrapper.isUserInRole(…) but cannot figure out how to get a reference to the wrapper (I tried injecting this using @Autowired, NB: I did not manually configure an instance of it as I believe the DelegatingFilterProxy is already doing this behind the scenes).

This stack overflow issue provided me with the solution, but I cannot uncover how to access or instantiate the wrapper properly.

My other alternative is to access the SecurityContext directly and iterate though the GrantedAuthorities as per the other suggestions in the linked SO issue.

How should I access/instantiate the wrapper?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It should work out of the box, at least in Spring Security 3.1 (every HttpServletRequest in security chain should be instance of SecurityContextHolderAwareRequestWrapper).

    servlet-api-provision attribute of <http> element adds to stack:

    Provides versions of HttpServletRequest security methods such as
    isUserInRole() and getPrincipal() which are implemented by adding a
    SecurityContextHolderAwareRequestFilter bean to the stack. Defaults to
    true.

    The filter SecurityContextHolderAwareRequestFilter is simple and only wraps HttpServletRequest in SecurityContextHolderAwareRequestWrapper:

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    chain.doFilter(new SecurityContextHolderAwareRequestWrapper(
            (HttpServletRequest) req, rolePrefix), res);
}

    (Watch out bug #SEC-1943 – the filter has wrong name assigned to alias SERVLET_API_SUPPORT_FILTER.)

    • 0