Coverage Report

Coverage Report - org.acegisecurity.concurrent.ConcurrentSessionFilter

Classes in this File

Line Coverage

Branch Coverage

Complexity

ConcurrentSessionFilter

96%

100%

1.667

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.concurrent;
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.util.Assert;
 
 import java.io.IOException;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 
 /**
  * Filter required by concurrent session handling package.<p>This filter performs two functions. First, it calls
  * {@link org.acegisecurity.concurrent.SessionRegistry#refreshLastRequest(String)} for each request. That way,
  * registered sessions always have a correct "last update" date/time. Second, it retrieves {@link
  * org.acegisecurity.concurrent.SessionInformation} from the <code>SessionRegistry</code> for each request and checks
  * if the session has been marked as expired. If it has been marked as expired, the session is invalidated. The
  * invalidation of the session will also cause the request to redirect to the URL specified, and a {@link
  * org.acegisecurity.ui.session.HttpSessionDestroyedEvent} to be published via the {@link
  * org.acegisecurity.ui.session.HttpSessionEventPublisher} registered in <code>web.xml</code>.</p>
  *
  * @author Ben Alex
  * @version $Id: ConcurrentSessionFilter.java 1496 2006-05-23 13:38:33Z benalex $
  */
 public class ConcurrentSessionFilter implements Filter, InitializingBean {
     //~ Instance fields ================================================================================================
 
     private SessionRegistry sessionRegistry;
     private String expiredUrl;
 
     //~ Methods ========================================================================================================
 
     public void afterPropertiesSet() throws Exception {
         Assert.notNull(sessionRegistry, "SessionRegistry required");
         Assert.hasText(expiredUrl, "ExpiredUrl required");
     }
 
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      */
     public void destroy() {}
 
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
         throws IOException, ServletException {
         Assert.isInstanceOf(HttpServletRequest.class, request, "Can only process HttpServletRequest");
         Assert.isInstanceOf(HttpServletResponse.class, response, "Can only process HttpServletResponse");
 
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
 
         HttpSession session = httpRequest.getSession(false);
 
         if (session != null) {
             SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
 
             if (info != null) {
                 if (info.isExpired()) {
                     // Expired - abort processing
                     session.invalidate();
 
                     String targetUrl = httpRequest.getContextPath() + expiredUrl;
                     httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
 
                     return;
                 } else {
                     // Non-expired - update last request date/time
                     info.refreshLastRequest();
                 }
             }
         }
 
         chain.doFilter(request, response);
     }
 
     /**
      * Does nothing. We use IoC container lifecycle services instead.
      *
      * @param arg0 ignored
      *
      * @throws ServletException ignored
      */
     public void init(FilterConfig arg0) throws ServletException {}
 
     public void setExpiredUrl(String expiredUrl) {
         this.expiredUrl = expiredUrl;
     }
 
     public void setSessionRegistry(SessionRegistry sessionRegistry) {
         this.sessionRegistry = sessionRegistry;
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.concurrent;
17
18		import org.springframework.beans.factory.InitializingBean;
19
20		import org.springframework.util.Assert;
21
22		import java.io.IOException;
23
24		import javax.servlet.Filter;
25		import javax.servlet.FilterChain;
26		import javax.servlet.FilterConfig;
27		import javax.servlet.ServletException;
28		import javax.servlet.ServletRequest;
29		import javax.servlet.ServletResponse;
30		import javax.servlet.http.HttpServletRequest;
31		import javax.servlet.http.HttpServletResponse;
32		import javax.servlet.http.HttpSession;
33
34
35		/**
36		* Filter required by concurrent session handling package.<p>This filter performs two functions. First, it calls
37		* {@link org.acegisecurity.concurrent.SessionRegistry#refreshLastRequest(String)} for each request. That way,
38		* registered sessions always have a correct "last update" date/time. Second, it retrieves {@link
39		* org.acegisecurity.concurrent.SessionInformation} from the <code>SessionRegistry</code> for each request and checks
40		* if the session has been marked as expired. If it has been marked as expired, the session is invalidated. The
41		* invalidation of the session will also cause the request to redirect to the URL specified, and a {@link
42		* org.acegisecurity.ui.session.HttpSessionDestroyedEvent} to be published via the {@link
43		* org.acegisecurity.ui.session.HttpSessionEventPublisher} registered in <code>web.xml</code>.</p>
44		*
45		* @author Ben Alex
46		* @version $Id: ConcurrentSessionFilter.java 1496 2006-05-23 13:38:33Z benalex $
47		*/
48	4	public class ConcurrentSessionFilter implements Filter, InitializingBean {
49		//~ Instance fields ================================================================================================
50
51		private SessionRegistry sessionRegistry;
52		private String expiredUrl;
53
54		//~ Methods ========================================================================================================
55
56		public void afterPropertiesSet() throws Exception {
57	2	Assert.notNull(sessionRegistry, "SessionRegistry required");
58	1	Assert.hasText(expiredUrl, "ExpiredUrl required");
59	0	}
60
61		/**
62		* Does nothing. We use IoC container lifecycle services instead.
63		*/
64	2	public void destroy() {}
65
66		public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
67		throws IOException, ServletException {
68	4	Assert.isInstanceOf(HttpServletRequest.class, request, "Can only process HttpServletRequest");
69	2	Assert.isInstanceOf(HttpServletResponse.class, response, "Can only process HttpServletResponse");
70
71	2	HttpServletRequest httpRequest = (HttpServletRequest) request;
72	2	HttpServletResponse httpResponse = (HttpServletResponse) response;
73
74	2	HttpSession session = httpRequest.getSession(false);
75
76	2	if (session != null) {
77	2	SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
78
79	2	if (info != null) {
80	2	if (info.isExpired()) {
81		// Expired - abort processing
82	1	session.invalidate();
83
84	1	String targetUrl = httpRequest.getContextPath() + expiredUrl;
85	1	httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
86
87	1	return;
88		} else {
89		// Non-expired - update last request date/time
90	1	info.refreshLastRequest();
91		}
92		}
93		}
94
95	1	chain.doFilter(request, response);
96	1	}
97
98		/**
99		* Does nothing. We use IoC container lifecycle services instead.
100		*
101		* @param arg0 ignored
102		*
103		* @throws ServletException ignored
104		*/
105	2	public void init(FilterConfig arg0) throws ServletException {}
106
107		public void setExpiredUrl(String expiredUrl) {
108	3	this.expiredUrl = expiredUrl;
109	3	}
110
111		public void setSessionRegistry(SessionRegistry sessionRegistry) {
112	3	this.sessionRegistry = sessionRegistry;
113	3	}
114		}