org.springframework.session.web.http

Class SessionRepositoryFilter<S extends ExpiringSession>

java.lang.Object

org.springframework.session.web.http.SessionRepositoryFilter<S>

Type Parameters:

S - the ExpiringSession type.

All Implemented Interfaces:

Filter

@Order(value=-2147483598)
public class SessionRepositoryFilter<S extends ExpiringSession>
extends Object

Switches the HttpSession implementation to be backed by a Session. The SessionRepositoryFilter wraps the HttpServletRequest and overrides the methods to get an HttpSession to be backed by a Session returned by the SessionRepository. The SessionRepositoryFilter uses a HttpSessionStrategy (default CookieHttpSessionStrategy to bridge logic between an HttpSession and the Session abstraction. Specifically:

• The session id is looked up using HttpSessionStrategy.getRequestedSessionId(javax.servlet.http.HttpServletRequest) . The default is to look in a cookie named SESSION.
• The session id of newly created ExpiringSession is sent to the client using
• The client is notified that the session id is no longer valid with HttpSessionStrategy.onInvalidateSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.

Since:

1.0

Author:

Rob Winch

Field Summary

Fields

Modifier and Type	Field and Description
static String	ALREADY_FILTERED_SUFFIX Suffix that gets appended to the filter name for the "already filtered" request attribute.
static int	DEFAULT_ORDER The default filter order.
static String	INVALID_SESSION_ID_ATTR Invalid session id (not backed by the session repository) request attribute name.
static String	SESSION_REPOSITORY_ATTR The session repository request attribute name.

Constructor Summary

Constructors

Constructor and Description
SessionRepositoryFilter(SessionRepository<S> sessionRepository) Creates a new instance.

Method Summary

Modifier and Type	Method and Description
void	destroy()
void	doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) This doFilter implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.
protected void	doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) Same contract as for doFilter, but guaranteed to be just invoked once per request within a single request thread.
void	init(FilterConfig config)
void	setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy) Sets the HttpSessionStrategy to be used.
void	setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy) Sets the MultiHttpSessionStrategy to be used.
void	setServletContext(ServletContext servletContext)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SESSION_REPOSITORY_ATTR

public static final String SESSION_REPOSITORY_ATTR

The session repository request attribute name.

INVALID_SESSION_ID_ATTR

public static final String INVALID_SESSION_ID_ATTR

Invalid session id (not backed by the session repository) request attribute name.

DEFAULT_ORDER

public static final int DEFAULT_ORDER

The default filter order.

See Also:

Constant Field Values

ALREADY_FILTERED_SUFFIX

public static final String ALREADY_FILTERED_SUFFIX

Suffix that gets appended to the filter name for the "already filtered" request attribute.

See Also:

Constant Field Values

Constructor Detail

SessionRepositoryFilter

public SessionRepositoryFilter(SessionRepository<S> sessionRepository)

Creates a new instance.

Parameters:

sessionRepository - the SessionRepository to use. Cannot be null.

Method Detail

setHttpSessionStrategy

public void setHttpSessionStrategy(HttpSessionStrategy httpSessionStrategy)

Sets the HttpSessionStrategy to be used. The default is a CookieHttpSessionStrategy.

Parameters:

httpSessionStrategy - the HttpSessionStrategy to use. Cannot be null.

setHttpSessionStrategy

public void setHttpSessionStrategy(MultiHttpSessionStrategy httpSessionStrategy)

Sets the MultiHttpSessionStrategy to be used. The default is a CookieHttpSessionStrategy.

Parameters:

httpSessionStrategy - the MultiHttpSessionStrategy to use. Cannot be null.

doFilterInternal

protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain filterChain)
                         throws ServletException,
                                IOException

Same contract as for doFilter, but guaranteed to be just invoked once per request within a single request thread.

Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.

Parameters:

request - the request

response - the response

filterChain - the FilterChain

Throws:

ServletException - thrown when a non-I/O exception has occurred

IOException - thrown when an I/O exception of some sort has occurred

See Also:

Filter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)

setServletContext

public void setServletContext(ServletContext servletContext)

doFilter

public final void doFilter(ServletRequest request,
                           ServletResponse response,
                           FilterChain filterChain)
                    throws ServletException,
                           IOException

This doFilter implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.

Specified by:

doFilter in interface Filter

Parameters:

request - the request

response - the response

filterChain - the filter chain

Throws:

ServletException - if request is not HTTP request

IOException - in case of I/O operation exception

init

public void init(FilterConfig config)

Specified by:

init in interface Filter

destroy

public void destroy()

Specified by:

destroy in interface Filter