S
- the Session
type.@Order(value=-2147483598)
public class SessionRepositoryFilter<S extends Session>
extends java.lang.Object
HttpSession
implementation to be backed by a
Session
.
The SessionRepositoryFilter
wraps the
HttpServletRequest
and overrides the methods to get an
HttpSession
to be backed by a
Session
returned by the
SessionRepository
.
The SessionRepositoryFilter
uses a HttpSessionIdResolver
(default
CookieHttpSessionIdResolver
) to bridge logic between an
HttpSession
and the
Session
abstraction. Specifically:
HttpSessionIdResolver.resolveSessionIds(javax.servlet.http.HttpServletRequest)
. The default is to look in a cookie named SESSION.Session
is sent
to the client using
HttpSessionIdResolver.expireSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response to ensure the session is overridden and persisted properly.
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ALREADY_FILTERED_SUFFIX
Suffix that gets appended to the filter name for the "already filtered" request
attribute.
|
static int |
DEFAULT_ORDER
The default filter order.
|
static java.lang.String |
INVALID_SESSION_ID_ATTR
Invalid session id (not backed by the session repository) request attribute name.
|
static java.lang.String |
SESSION_REPOSITORY_ATTR
The session repository request attribute name.
|
Constructor and Description |
---|
SessionRepositoryFilter(SessionRepository<S> sessionRepository)
Creates a new instance.
|
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain filterChain)
This
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there. |
protected void |
doFilterInternal(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain filterChain)
Same contract as for
doFilter , but guaranteed to be just invoked once per
request within a single request thread. |
void |
init(javax.servlet.FilterConfig config) |
void |
setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)
Sets the
HttpSessionIdResolver to be used. |
public static final java.lang.String SESSION_REPOSITORY_ATTR
public static final java.lang.String INVALID_SESSION_ID_ATTR
public static final int DEFAULT_ORDER
public static final java.lang.String ALREADY_FILTERED_SUFFIX
public SessionRepositoryFilter(SessionRepository<S> sessionRepository)
sessionRepository
- the SessionRepository
to use. Cannot be null.public void setHttpSessionIdResolver(HttpSessionIdResolver httpSessionIdResolver)
HttpSessionIdResolver
to be used. The default is a
CookieHttpSessionIdResolver
.httpSessionIdResolver
- the HttpSessionIdResolver
to use. Cannot be
null.protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
doFilter
, but guaranteed to be just invoked once per
request within a single request thread.
Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
request
- the requestresponse
- the responsefilterChain
- the FilterChainjavax.servlet.ServletException
- thrown when a non-I/O exception has occurredjava.io.IOException
- thrown when an I/O exception of some sort has occurredFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
public final void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, java.io.IOException
doFilter
implementation stores a request attribute for
"already filtered", proceeding without filtering again if the attribute is already
there.doFilter
in interface javax.servlet.Filter
request
- the requestresponse
- the responsefilterChain
- the filter chainjavax.servlet.ServletException
- if request is not HTTP requestjava.io.IOException
- in case of I/O operation exceptionpublic void init(javax.servlet.FilterConfig config)
init
in interface javax.servlet.Filter
public void destroy()
destroy
in interface javax.servlet.Filter