public class SessionRepositoryFilter<S extends ExpiringSession> extends Object
HttpSession implementation to be backed by a Session.
The SessionRepositoryFilter wraps the HttpServletRequest and overrides the methods
to get an HttpSession to be backed by a Session returned
by the SessionRepository.
The SessionRepositoryFilter uses a HttpSessionStrategy (default CookieHttpSessionStrategy to
bridge logic between an HttpSession and the Session
abstraction. Specifically:
HttpSessionStrategy.getRequestedSessionId(javax.servlet.http.HttpServletRequest).
The default is to look in a cookie named SESSION.ExpiringSession is sent to the client using
HttpSessionStrategy.onInvalidateSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.
| Modifier and Type | Field and Description |
|---|---|
static String |
ALREADY_FILTERED_SUFFIX
Suffix that gets appended to the filter name for the
"already filtered" request attribute.
|
static int |
DEFAULT_ORDER |
static String |
SESSION_REPOSITORY_ATTR |
| Constructor and Description |
|---|
SessionRepositoryFilter(SessionRepository<S> sessionRepository)
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
void |
destroy() |
void |
doFilter(ServletRequest request,
ServletResponse response,
FilterChain filterChain)
This
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the
attribute is already there. |
protected void |
doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
Same contract as for
doFilter, but guaranteed to be
just invoked once per request within a single request thread. |
void |
init(FilterConfig config) |
void |
setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy)
Sets the
HttpSessionStrategy to be used. |
void |
setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy)
Sets the
MultiHttpSessionStrategy to be used. |
void |
setServletContext(ServletContext servletContext) |
public static final String SESSION_REPOSITORY_ATTR
public static final int DEFAULT_ORDER
public static final String ALREADY_FILTERED_SUFFIX
public SessionRepositoryFilter(SessionRepository<S> sessionRepository)
sessionRepository - the SessionRepository to use. Cannot be null.public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy)
HttpSessionStrategy to be used. The default is a CookieHttpSessionStrategy.httpSessionStrategy - the HttpSessionStrategy to use. Cannot be null.public void setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy)
MultiHttpSessionStrategy to be used. The default is a CookieHttpSessionStrategy.httpSessionStrategy - the MultiHttpSessionStrategy to use. Cannot be null.protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
doFilter, but guaranteed to be
just invoked once per request within a single request thread.
Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
public void setServletContext(ServletContext servletContext)
public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the
attribute is already there.doFilter in interface FilterServletExceptionIOExceptionpublic void init(FilterConfig config)