Class SessionFilter

java.lang.Object
sunlabs.brazil.filter.SessionFilter
All Implemented Interfaces:
Filter, Handler
public class SessionFilter extends Object implements Filter
Filter to manage browser sessions using browser cookies or URL rewriting as needed. This should be used as the last filter in the filter chain. It attempts to use browser cookies. If they don't work, it rewrites the URL's instead, tacking the session info onto the end of the URL.

This Filter works by first examining the request as a handler. If the request contains an ID, either in the "browser cookie" or written into the URL, the session ID is extracted. In the id-in-the-url case, the ID is removed from the URL. When called later as a filter, the SessionFilter rewrites all relevent URL's in the page to incorporate the ID.

If an ID can't be found either in the cookie or URL, a couple the session creation sequence starts. First, the browser is send a "set-cookie" request along with a redirect that contains the cookie value encoded into the redirected URL. When the browser follows the redirect, the request is examined to se if the cookie value was sent. If so, the browser is redirected back to the original URL, and normal "cookie" processing takes place. If no cookie is found, the browser is redirected back to the original URL, modified to embed the ID into it, and normal URL session rewriting takes place.

The following server properties are used:

cookie
The name of the cookie to use (defaults to "cookie"). If the name is "none", then no cookies are used. Instead, session rewriting will occur for every session.
session
The name of the request property that the Session ID will be stored in, to be passed to downstream handler. The default value is "SessionID". If the session property is set, and not empty, then no processing is done.
persist
If set, cookies persist across browser sessions. If cookies are disabled, no persistence is available.
cookiePrefix
The URL prefix for which the cookie applies. Defaults to "/".
suffix
A regular expression that matches url suffix we process. Defaults to html|xml|txt.
The Following request properties are set:
gotCookie
An id was retrieved out of a cookie header
UrlID
Set to the string tacked onto the end of each URL, if session ID's are managed by URL rewriting. If cookies are used, this is set to the empty string.
Version:
2.4
Author:
Stephen Uhler

  • Field Details

    • session

      public String session

    • cookieName

      public String cookieName

    • urlSep

      public String urlSep

    • redirectToken

      public String redirectToken

    • encoding

      public String encoding

    • persist

      public boolean persist

  • Constructor Details

    • SessionFilter

      public SessionFilter()

  • Method Details

    • init

      public boolean init(Server server, String propsPrefix)
      Description copied from interface: Handler
      Initializes the handler.
      Specified by:
      init in interface Handler
      Parameters:
      server - The HTTP server that created this Handler. Typical Handlers will use Server.props to obtain run-time configuration information.
      propsPrefix - The handlers name. The string this Handler may prepend to all of the keys that it uses to extract configuration information from Server.props. This is set (by the Server and ChainHandler) to help avoid configuration parameter namespace collisions.
      Returns:
      true if this Handler initialized successfully, false otherwise. If false is returned, this Handler should not be used.

    • respond

      public boolean respond(Request request) throws IOException
      This is called by the filterHandler before the content generation step. It is responsible for extracting the session information, then (if required) restoring the URL's to their original form. It tries relatively hard to use cookies if they are available through a series or redirects.
      Specified by:
      respond in interface Handler
      Parameters:
      request - The Request object that represents the HTTP request.
      Returns:
      true if the request was handled. A request was handled if a response was supplied to the client, typically by calling Request.sendResponse() or Request.sendError.
      Throws:
      IOException - if there was an I/O error while sending the response to the client. Typically, in that case, the Server will (try to) send an error message to the client and then close the client's connection.

      The IOException should not be used to silently ignore problems such as being unable to access some server-side resource (for example getting a FileNotFoundException due to not being able to open a file). In that case, the Handler's duty is to turn that IOException into a HTTP response indicating, in this case, that a file could not be found.

    • shouldFilter

      public boolean shouldFilter(Request request, MimeHeaders headers)
      We have the results, only filter if html and we're rewriting
      Specified by:
      shouldFilter in interface Filter
      Parameters:
      request - The in-progress HTTP request.
      headers - The MIME headers generated by the wrapped Handler.
      Returns:
      true if this filter would like to examine and possibly rewrite the content, false otherwise.

    • filter

      public byte[] filter(Request request, MimeHeaders headers, byte[] content)
      Rewrite all the url's, adding the session id to the end
      Specified by:
      filter in interface Filter
      Parameters:
      request - The finished HTTP request.
      headers - The MIME headers generated by the Handler.
      content - The output from the Handler that this Filter may rewrite.
      Returns:
      The rewritten content. The Filter may return the original content unchanged. The Filter may return null to indicate that the FilterHandler should stop processing the request and should not return any content to the client.