Class SessionFilter

  • All Implemented Interfaces:
    Filter, Handler

    public class SessionFilter
    extends java.lang.Object
    implements Filter
    Filter to manage browser sessions using browser cookies or URL rewriting as needed. This should be used as the last filter in the filter chain. It attempts to use browser cookies. If they don't work, it rewrites the URL's instead, tacking the session info onto the end of the URL.

    This Filter works by first examining the request as a handler. If the request contains an ID, either in the "browser cookie" or written into the URL, the session ID is extracted. In the id-in-the-url case, the ID is removed from the URL. When called later as a filter, the SessionFilter rewrites all relevent URL's in the page to incorporate the ID.

    If an ID can't be found either in the cookie or URL, a couple the session creation sequence starts. First, the browser is send a "set-cookie" request along with a redirect that contains the cookie value encoded into the redirected URL. When the browser follows the redirect, the request is examined to se if the cookie value was sent. If so, the browser is redirected back to the original URL, and normal "cookie" processing takes place. If no cookie is found, the browser is redirected back to the original URL, modified to embed the ID into it, and normal URL session rewriting takes place.

    The following server properties are used:

    cookie
    The name of the cookie to use (defaults to "cookie"). If the name is "none", then no cookies are used. Instead, session rewriting will occur for every session.
    session
    The name of the request property that the Session ID will be stored in, to be passed to downstream handler. The default value is "SessionID". If the session property is set, and not empty, then no processing is done.
    persist
    If set, cookies persist across browser sessions. If cookies are disabled, no persistence is available.
    cookiePrefix
    The URL prefix for which the cookie applies. Defaults to "/".
    suffix
    A regular expression that matches url suffix we process. Defaults to html|xml|txt.
    The Following request properties are set:
    gotCookie
    An id was retrieved out of a cookie header
    UrlID
    Set to the string tacked onto the end of each URL, if session ID's are managed by URL rewriting. If cookies are used, this is set to the empty string.
    Version:
    2.4
    Author:
    Stephen Uhler
    • Constructor Summary

      Constructors 
      Constructor Description
      SessionFilter()  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      byte[] filter​(Request request, MimeHeaders headers, byte[] content)
      Rewrite all the url's, adding the session id to the end
      boolean init​(Server server, java.lang.String propsPrefix)
      Initializes the handler.
      boolean respond​(Request request)
      This is called by the filterHandler before the content generation step.
      boolean shouldFilter​(Request request, MimeHeaders headers)
      We have the results, only filter if html and we're rewriting
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • session

        public java.lang.String session
      • cookieName

        public java.lang.String cookieName
      • urlSep

        public java.lang.String urlSep
      • redirectToken

        public java.lang.String redirectToken
      • encoding

        public java.lang.String encoding
      • persist

        public boolean persist
    • Constructor Detail

      • SessionFilter

        public SessionFilter()
    • Method Detail

      • init

        public boolean init​(Server server,
                            java.lang.String propsPrefix)
        Description copied from interface: Handler
        Initializes the handler.
        Specified by:
        init in interface Handler
        Parameters:
        server - The HTTP server that created this Handler. Typical Handlers will use Server.props to obtain run-time configuration information.
        propsPrefix - The handlers name. The string this Handler may prepend to all of the keys that it uses to extract configuration information from Server.props. This is set (by the Server and ChainHandler) to help avoid configuration parameter namespace collisions.
        Returns:
        true if this Handler initialized successfully, false otherwise. If false is returned, this Handler should not be used.
      • respond

        public boolean respond​(Request request)
                        throws java.io.IOException
        This is called by the filterHandler before the content generation step. It is responsible for extracting the session information, then (if required) restoring the URL's to their original form. It tries relatively hard to use cookies if they are available through a series or redirects.
        Specified by:
        respond in interface Handler
        Parameters:
        request - The Request object that represents the HTTP request.
        Returns:
        true if the request was handled. A request was handled if a response was supplied to the client, typically by calling Request.sendResponse() or Request.sendError.
        Throws:
        java.io.IOException - if there was an I/O error while sending the response to the client. Typically, in that case, the Server will (try to) send an error message to the client and then close the client's connection.

        The IOException should not be used to silently ignore problems such as being unable to access some server-side resource (for example getting a FileNotFoundException due to not being able to open a file). In that case, the Handler's duty is to turn that IOException into a HTTP response indicating, in this case, that a file could not be found.

      • shouldFilter

        public boolean shouldFilter​(Request request,
                                    MimeHeaders headers)
        We have the results, only filter if html and we're rewriting
        Specified by:
        shouldFilter in interface Filter
        Parameters:
        request - The in-progress HTTP request.
        headers - The MIME headers generated by the wrapped Handler.
        Returns:
        true if this filter would like to examine and possibly rewrite the content, false otherwise.
      • filter

        public byte[] filter​(Request request,
                             MimeHeaders headers,
                             byte[] content)
        Rewrite all the url's, adding the session id to the end
        Specified by:
        filter in interface Filter
        Parameters:
        request - The finished HTTP request.
        headers - The MIME headers generated by the Handler.
        content - The output from the Handler that this Filter may rewrite.
        Returns:
        The rewritten content. The Filter may return the original content unchanged. The Filter may return null to indicate that the FilterHandler should stop processing the request and should not return any content to the client.