S
- the Session
type.@Order(value=-2147483598)
public class SessionRepositoryFilter<S extends Session>
extends java.lang.Object
HttpSession
implementation to be backed by a
Session
.
The SessionRepositoryFilter
wraps the
HttpServletRequest
and overrides the methods to get an
HttpSession
to be backed by a
Session
returned by the
SessionRepository
.
The SessionRepositoryFilter
uses a HttpSessionIdResolver
(default
CookieHttpSessionIdResolver
) to bridge logic between an
HttpSession
and the
Session
abstraction. Specifically:
HttpSessionIdResolver.resolveSessionIds(javax.servlet.http.HttpServletRequest)
. The default is to look in a cookie named SESSION.Session
is sent
to the client using
HttpSessionIdResolver.expireSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ALREADY_FILTERED_SUFFIX
Suffix that gets appended to the filter name for the "already filtered" request
attribute.
|
static int |
DEFAULT_ORDER
The default filter order.
|
static java.lang.String |
INVALID_SESSION_ID_ATTR
Invalid session id (not backed by the session repository) request attribute name.
|
static java.lang.String |
SESSION_REPOSITORY_ATTR
The session repository request attribute name.
|
Constructor and Description |
---|
SessionRepositoryFilter(SessionRepository<S> sessionRepository)
Creates a new instance.
|
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
This
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there. |
protected void |
doFilterInternal(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain filterChain)
Same contract as for
doFilter , but guaranteed to be just invoked once per
request within a single request thread. |
protected void |
doFilterNestedErrorDispatch(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain filterChain)
Typically an ERROR dispatch happens after the REQUEST dispatch completes, and the
filter chain starts anew.
|
protected java.lang.String |
getAlreadyFilteredAttributeName()
Return the name of the request attribute that identifies that a request is already
filtered.
|
void |
init(javax.servlet.FilterConfig config) |
void |
setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)
Sets the
HttpSessionIdResolver to be used. |
void |
setServletContext(javax.servlet.ServletContext servletContext) |
public static final java.lang.String SESSION_REPOSITORY_ATTR
public static final java.lang.String INVALID_SESSION_ID_ATTR
public static final int DEFAULT_ORDER
public static final java.lang.String ALREADY_FILTERED_SUFFIX
public SessionRepositoryFilter(SessionRepository<S> sessionRepository)
sessionRepository
- the SessionRepository
to use. Cannot be null.public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)
HttpSessionIdResolver
to be used. The default is a
CookieHttpSessionIdResolver
.httpSessionIdResolver
- the HttpSessionIdResolver
to use. Cannot be
null.protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
doFilter
, but guaranteed to be just invoked once per
request within a single request thread.
Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
request
- the requestresponse
- the responsefilterChain
- the FilterChainjavax.servlet.ServletException
- thrown when a non-I/O exception has occurredjava.io.IOException
- thrown when an I/O exception of some sort has occurredFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
public void setServletContext(javax.servlet.ServletContext servletContext)
protected void doFilterNestedErrorDispatch(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
sendError
on the
response. In that case we are still in the filter chain, on the same thread, but
the request and response have been switched to the original, unwrapped ones.
Sub-classes may use this method to filter such nested ERROR dispatches and re-apply
wrapping on the request or response. ThreadLocal
context, if any, should
still be active as we are still nested within the filter chain.
request
- the requestresponse
- the responsefilterChain
- the filter chainjavax.servlet.ServletException
- if request is not HTTP requestjava.io.IOException
- in case of I/O operation exceptionpublic final void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
doFilter
implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there.doFilter
in interface javax.servlet.Filter
request
- the requestresponse
- the responsefilterChain
- the filter chainjavax.servlet.ServletException
- if request is not HTTP requestjava.io.IOException
- in case of I/O operation exceptionprotected java.lang.String getAlreadyFilteredAttributeName()
The default implementation takes the configured name of the concrete filter instance and appends ".FILTERED". If the filter is not fully initialized, it falls back to its class name.
ALREADY_FILTERED_SUFFIX
public void init(javax.servlet.FilterConfig config)
init
in interface javax.servlet.Filter
public void destroy()
destroy
in interface javax.servlet.Filter