public abstract class SaveContextOnUpdateOrErrorResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
SecurityContext
when a
sendError()
, sendRedirect
,
getOutputStream().close()
, getOutputStream().flush()
,
getWriter().close()
, or getWriter().flush()
happens on the
same thread that this SaveContextOnUpdateOrErrorResponseWrapper
was created.
See issue SEC-398 and SEC-2005.
Sub-classes should implement the saveContext(SecurityContext context)
method.
Support is also provided for disabling URL rewriting
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
Constructor and Description |
---|
SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response,
boolean disableUrlRewriting) |
Modifier and Type | Method and Description |
---|---|
void |
disableSaveOnResponseCommitted()
Invoke this method to disable automatic saving of the
SecurityContext when
the HttpServletResponse is committed. |
String |
encodeRedirectUrl(String url) |
String |
encodeRedirectURL(String url) |
String |
encodeUrl(String url) |
String |
encodeURL(String url) |
void |
flushBuffer()
Makes sure the context is stored before calling the superclass
flushBuffer() |
javax.servlet.ServletOutputStream |
getOutputStream()
Makes sure the context is stored before calling
getOutputStream().close() or getOutputStream().flush() |
PrintWriter |
getWriter()
Makes sure the context is stored before calling
getWriter().close() or
getWriter().flush() |
boolean |
isContextSaved()
Tells if the response wrapper has called
saveContext() because of this
wrapper. |
protected abstract void |
saveContext(SecurityContext context)
Implements the logic for storing the security context.
|
void |
sendError(int sc)
Makes sure the session is updated before calling the superclass
sendError() |
void |
sendError(int sc,
String msg)
Makes sure the session is updated before calling the superclass
sendError() |
void |
sendRedirect(String location)
Makes sure the context is stored before calling the superclass
sendRedirect() |
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, setDateHeader, setHeader, setIntHeader, setStatus, setStatus
getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentType, setLocale, setResponse
public SaveContextOnUpdateOrErrorResponseWrapper(javax.servlet.http.HttpServletResponse response, boolean disableUrlRewriting)
response
- the response to be wrappeddisableUrlRewriting
- turns the URL encoding methods into null operations,
preventing the use of URL rewriting to add the session identifier as a URL
parameter.public void disableSaveOnResponseCommitted()
SecurityContext
when
the HttpServletResponse
is committed. This can be useful in the event that
Async Web Requests are made which may no longer contain the SecurityContext
on it.protected abstract void saveContext(SecurityContext context)
context
- the SecurityContext instance to storepublic final void sendError(int sc) throws IOException
sendError()
sendError
in interface javax.servlet.http.HttpServletResponse
sendError
in class javax.servlet.http.HttpServletResponseWrapper
IOException
public final void sendError(int sc, String msg) throws IOException
sendError()
sendError
in interface javax.servlet.http.HttpServletResponse
sendError
in class javax.servlet.http.HttpServletResponseWrapper
IOException
public final void sendRedirect(String location) throws IOException
sendRedirect()
sendRedirect
in interface javax.servlet.http.HttpServletResponse
sendRedirect
in class javax.servlet.http.HttpServletResponseWrapper
IOException
public javax.servlet.ServletOutputStream getOutputStream() throws IOException
getOutputStream().close()
or getOutputStream().flush()
getOutputStream
in interface javax.servlet.ServletResponse
getOutputStream
in class javax.servlet.ServletResponseWrapper
IOException
public PrintWriter getWriter() throws IOException
getWriter().close()
or
getWriter().flush()
getWriter
in interface javax.servlet.ServletResponse
getWriter
in class javax.servlet.ServletResponseWrapper
IOException
public void flushBuffer() throws IOException
flushBuffer()
flushBuffer
in interface javax.servlet.ServletResponse
flushBuffer
in class javax.servlet.ServletResponseWrapper
IOException
public final String encodeRedirectUrl(String url)
encodeRedirectUrl
in interface javax.servlet.http.HttpServletResponse
encodeRedirectUrl
in class javax.servlet.http.HttpServletResponseWrapper
public final String encodeRedirectURL(String url)
encodeRedirectURL
in interface javax.servlet.http.HttpServletResponse
encodeRedirectURL
in class javax.servlet.http.HttpServletResponseWrapper
public final String encodeUrl(String url)
encodeUrl
in interface javax.servlet.http.HttpServletResponse
encodeUrl
in class javax.servlet.http.HttpServletResponseWrapper
public final String encodeURL(String url)
encodeURL
in interface javax.servlet.http.HttpServletResponse
encodeURL
in class javax.servlet.http.HttpServletResponseWrapper
public final boolean isContextSaved()
saveContext()
because of this
wrapper.