S
- the ExpiringSession
type.@Order(value=-2147483598) public class SessionRepositoryFilter<S extends ExpiringSession> extends Object
HttpSession
implementation to be backed by a
Session
.
The SessionRepositoryFilter
wraps the
HttpServletRequest
and overrides the methods to get an
HttpSession
to be backed by a
Session
returned by the
SessionRepository
.
The SessionRepositoryFilter
uses a HttpSessionStrategy
(default
CookieHttpSessionStrategy
to bridge logic between an
HttpSession
and the
Session
abstraction. Specifically:
HttpSessionStrategy.getRequestedSessionId(javax.servlet.http.HttpServletRequest)
. The default is to look in a cookie named SESSION.ExpiringSession
is sent to the client using
HttpSessionStrategy.onInvalidateSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.
Modifier and Type | Field and Description |
---|---|
static String |
ALREADY_FILTERED_SUFFIX
Suffix that gets appended to the filter name for the "already filtered" request
attribute.
|
static int |
DEFAULT_ORDER
The default filter order.
|
static String |
INVALID_SESSION_ID_ATTR
Invalid session id (not backed by the session repository) request attribute name.
|
static String |
SESSION_REPOSITORY_ATTR
The session repository request attribute name.
|
Constructor and Description |
---|
SessionRepositoryFilter(SessionRepository<S> sessionRepository)
Creates a new instance.
|
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(ServletRequest request,
ServletResponse response,
FilterChain filterChain)
This
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there. |
protected void |
doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
Same contract as for
doFilter , but guaranteed to be just invoked once per
request within a single request thread. |
void |
init(FilterConfig config) |
void |
setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy)
Sets the
HttpSessionStrategy to be used. |
void |
setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy)
Sets the
MultiHttpSessionStrategy to be used. |
void |
setServletContext(ServletContext servletContext) |
public static final String SESSION_REPOSITORY_ATTR
public static final String INVALID_SESSION_ID_ATTR
public static final int DEFAULT_ORDER
public static final String ALREADY_FILTERED_SUFFIX
public SessionRepositoryFilter(SessionRepository<S> sessionRepository)
sessionRepository
- the SessionRepository
to use. Cannot be null.public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy)
HttpSessionStrategy
to be used. The default is a
CookieHttpSessionStrategy
.httpSessionStrategy
- the HttpSessionStrategy
to use. Cannot be null.public void setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy)
MultiHttpSessionStrategy
to be used. The default is a
CookieHttpSessionStrategy
.httpSessionStrategy
- the MultiHttpSessionStrategy
to use. Cannot be
null.protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
doFilter
, but guaranteed to be just invoked once per
request within a single request thread.
Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
request
- the requestresponse
- the responsefilterChain
- the FilterChainServletException
- thrown when a non-I/O exception has occurredIOException
- thrown when an I/O exception of some sort has occurredFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
public void setServletContext(ServletContext servletContext)
public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException
doFilter
implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there.doFilter
in interface Filter
request
- the requestresponse
- the responsefilterChain
- the filter chainServletException
- if request is not HTTP requestIOException
- in case of I/O operation exceptionpublic void init(FilterConfig config)