
1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.concurrent;
17  
18  import org.springframework.beans.factory.InitializingBean;
19  
20  import org.springframework.util.Assert;
21  
22  import java.io.IOException;
23  
24  import javax.servlet.Filter;
25  import javax.servlet.FilterChain;
26  import javax.servlet.FilterConfig;
27  import javax.servlet.ServletException;
28  import javax.servlet.ServletRequest;
29  import javax.servlet.ServletResponse;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  import javax.servlet.http.HttpSession;
33  
34  
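/**
 * Filter required by the concurrent session handling package.
 *
 * <p>For every request that already carries an <code>HttpSession</code>, this filter retrieves the matching {@link
 * org.acegisecurity.concurrent.SessionInformation} from the <code>SessionRegistry</code> and then does one of two
 * things. If the session has been marked as expired, the session is invalidated and the request is redirected to the
 * configured expired URL instead of continuing down the filter chain. The invalidation will also cause a {@link
 * org.acegisecurity.ui.session.HttpSessionDestroyedEvent} to be published via the {@link
 * org.acegisecurity.ui.session.HttpSessionEventPublisher} registered in <code>web.xml</code>. Otherwise, it calls
 * {@link org.acegisecurity.concurrent.SessionRegistry#refreshLastRequest(String)} so that registered sessions always
 * have a correct "last update" date/time.</p>
 *
 * <p>Requests that have no session, or whose session id is unknown to the registry, are passed through unchanged.
 * This filter never creates a session and only enforces expiry for sessions the registry knows about.</p>
 *
 * <p>NOTE(review): on expiry only the <code>HttpSession</code> is invalidated here. The registry entry is not removed
 * by this class, and authentication state kept outside the session (for example a remember-me cookie, if such a
 * mechanism is configured) is not cleared - confirm that the surrounding configuration covers both.</p>
 *
 * @author Ben Alex
 * @version $Id: ConcurrentSessionFilter.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class ConcurrentSessionFilter implements Filter, InitializingBean {
    //~ Instance fields ================================================================================================

    // Source of truth for which sessions are known and which of them have been expired.
    private SessionRegistry sessionRegistry;

    // Context-relative redirect target used when an expired session is detected.
    private String expiredUrl;

    //~ Methods ========================================================================================================

    /**
     * Verifies that both required properties were injected before the filter is put into service.
     *
     * @throws Exception if the <code>SessionRegistry</code> is missing or the expired URL has no text
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(sessionRegistry, "SessionRegistry required");
        Assert.hasText(expiredUrl, "ExpiredUrl required");
    }

    /**
     * Does nothing. We use IoC container lifecycle services instead.
     */
    public void destroy() {}

    /**
     * Enforces session expiry for the current request and records activity for sessions that are still valid.
     *
     * <p>When the registry reports the session as expired, the session is invalidated, a redirect to the context
     * path plus the configured expired URL is sent, and the rest of the filter chain is <b>not</b> invoked.</p>
     *
     * @param request the incoming request; must be an <code>HttpServletRequest</code>
     * @param response the outgoing response; must be an <code>HttpServletResponse</code>
     * @param chain the remaining filter chain, invoked unless the session was expired
     *
     * @throws IOException if sending the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     * @throws IllegalArgumentException if the request or response is not an HTTP one
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        Assert.isInstanceOf(HttpServletRequest.class, request, "Can only process HttpServletRequest");
        Assert.isInstanceOf(HttpServletResponse.class, response, "Can only process HttpServletResponse");

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // getSession(false): never create a session just to look it up in the registry.
        HttpSession session = httpRequest.getSession(false);

        if (session != null) {
            // Read the id before any invalidation so it stays available for the registry calls below.
            String sessionId = session.getId();
            SessionInformation info = sessionRegistry.getSessionInformation(sessionId);

            if (info != null) {
                if (info.isExpired()) {
                    // Expired - abort processing. Invalidate first so nothing downstream can keep using the session.
                    session.invalidate();

                    // expiredUrl is concatenated as-is; it is trusted configuration, not request data.
                    String targetUrl = httpRequest.getContextPath() + expiredUrl;
                    httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));

                    return;
                }

                // Non-expired - update last request date/time. Go through the registry, as the class contract
                // states, rather than mutating the returned SessionInformation directly, so that registry
                // implementations which hand out copies or keep their state elsewhere still record the activity.
                sessionRegistry.refreshLastRequest(sessionId);
            }
        }

        chain.doFilter(request, response);
    }

    /**
     * Does nothing. We use IoC container lifecycle services instead.
     *
     * @param arg0 ignored
     *
     * @throws ServletException ignored
     */
    public void init(FilterConfig arg0) throws ServletException {}

    /**
     * Sets the location that users are redirected to once their session has been found expired.
     *
     * <p>The value is appended verbatim to the request's context path, so it should be a context-relative path
     * beginning with <code>/</code>. It is used as a redirect target without further validation and must therefore
     * come from trusted configuration only.</p>
     *
     * @param expiredUrl context-relative URL of the "session expired" page; must contain text
     */
    public void setExpiredUrl(String expiredUrl) {
        this.expiredUrl = expiredUrl;
    }

    /**
     * Sets the registry that is consulted for session expiry and notified of request activity.
     *
     * @param sessionRegistry the registry to use; must not be <code>null</code>
     */
    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }
}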
113     }
114 }