| /* |
| * Copyright 2005-2008 Les Hazlewood |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.jsecurity.web.servlet; |
| |
| import org.jsecurity.session.InvalidSessionException; |
| import org.jsecurity.session.Session; |
| import org.jsecurity.web.session.WebSession; |
| |
| import javax.servlet.ServletContext; |
| import javax.servlet.http.*; |
| import java.util.*; |
| |
| /** |
| * Wrapper class that uses a JSecurity session under the hood for all session operations instead of the |
| * Servlet Container's session mechanism. This is preferred in heterogeneous client environments where the Session |
| * is used on both the business tier as well as in multiple client technologies (web, swing, flash, etc). |
| * |
| * @since 0.2 |
| * @author Les Hazlewood |
| */ |
| @SuppressWarnings("deprecated") |
| public class JSecurityHttpSession implements HttpSession { |
| |
| public static final String DEFAULT_SESSION_ID_NAME = "JSESSIONID"; |
| |
| private static final Enumeration EMPTY_ENUMERATION = new Enumeration() { |
| public boolean hasMoreElements() { |
| return false; |
| } |
| |
| public Object nextElement() { |
| return null; |
| } |
| }; |
| |
| private static final HttpSessionContext HTTP_SESSION_CONTEXT = new HttpSessionContext() { |
| public HttpSession getSession( String s ) { |
| return null; |
| } |
| |
| public Enumeration getIds() { |
| return EMPTY_ENUMERATION; |
| } |
| }; |
| |
| protected ServletContext servletContext = null; |
| protected HttpServletRequest currentRequest = null; |
| protected Session session = null; //'real' JSecurity Session |
| |
| public JSecurityHttpSession( Session session, HttpServletRequest currentRequest, ServletContext servletContext ) { |
| if ( session instanceof WebSession) { |
| String msg = "Session constructor argument cannot be an instance of WebSession. This is enforced to " + |
| "prevent circular dependencies and infinite loops."; |
| throw new IllegalArgumentException( msg ); |
| } |
| this.session = session; |
| this.currentRequest = currentRequest; |
| this.servletContext = servletContext; |
| } |
| |
| public Session getSession() { |
| return this.session; |
| } |
| |
| public long getCreationTime() { |
| try { |
| return getSession().getStartTimestamp().getTime(); |
| } catch ( Exception e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public String getId() { |
| return getSession().getId().toString(); |
| } |
| |
| public long getLastAccessedTime() { |
| return getSession().getLastAccessTime().getTime(); |
| } |
| |
| public ServletContext getServletContext() { |
| return this.servletContext; |
| } |
| |
| public void setMaxInactiveInterval( int i ) { |
| try { |
| getSession().setTimeout( i * 1000 ); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public int getMaxInactiveInterval() { |
| try { |
| return ( new Long( getSession().getTimeout() / 1000 ) ).intValue(); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public HttpSessionContext getSessionContext() { |
| return HTTP_SESSION_CONTEXT; |
| } |
| |
| public Object getAttribute( String s ) { |
| try { |
| return getSession().getAttribute( s ); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public Object getValue( String s ) { |
| return getAttribute( s ); |
| } |
| |
| protected Set<String> getKeyNames() { |
| Collection<Object> keySet = null; |
| try { |
| keySet = getSession().getAttributeKeys(); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| Set<String> keyNames = null; |
| if ( keySet != null && !keySet.isEmpty() ) { |
| keyNames = new HashSet<String>( keySet.size() ); |
| for ( Object o : keySet ) { |
| keyNames.add( o.toString() ); |
| } |
| } else { |
| keyNames = Collections.EMPTY_SET; |
| } |
| return keyNames; |
| } |
| |
| public Enumeration getAttributeNames() { |
| Set<String> keyNames = getKeyNames(); |
| final Iterator iterator = keyNames.iterator(); |
| return new Enumeration() { |
| public boolean hasMoreElements() { |
| return iterator.hasNext(); |
| } |
| |
| public Object nextElement() { |
| return iterator.next(); |
| } |
| }; |
| } |
| |
| public String[] getValueNames() { |
| Set<String> keyNames = getKeyNames(); |
| String[] array = new String[keyNames.size()]; |
| if ( keyNames.size() > 0 ) { |
| array = keyNames.toArray( array ); |
| } |
| return array; |
| } |
| |
| protected void beforeBound( String s, Object o ) { |
| if ( o instanceof HttpSessionBindingListener ) { |
| HttpSessionBindingListener listener = (HttpSessionBindingListener)o; |
| HttpSessionBindingEvent event = new HttpSessionBindingEvent( this, s, o ); |
| listener.valueBound( event ); |
| } |
| } |
| |
| protected void afterUnbound( String s, Object o ) { |
| if ( o instanceof HttpSessionBindingListener ) { |
| HttpSessionBindingListener listener = (HttpSessionBindingListener)o; |
| HttpSessionBindingEvent event = new HttpSessionBindingEvent( this, s, o ); |
| listener.valueUnbound( event ); |
| } |
| } |
| |
| public void setAttribute( String s, Object o ) { |
| beforeBound( s, o ); |
| try { |
| getSession().setAttribute( s, o ); |
| } catch ( InvalidSessionException e ) { |
| afterUnbound( s, o ); |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public void putValue( String s, Object o ) { |
| setAttribute( s, o ); |
| } |
| |
| public void removeAttribute( String s ) { |
| try { |
| Object attribute = getSession().removeAttribute( s ); |
| afterUnbound( s, attribute ); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public void removeValue( String s ) { |
| removeAttribute( s ); |
| } |
| |
| public void invalidate() { |
| try { |
| getSession().stop(); |
| } catch ( InvalidSessionException e ) { |
| throw new IllegalStateException( e ); |
| } |
| } |
| |
| public boolean isNew() { |
| Boolean value = (Boolean)currentRequest.getAttribute( JSecurityHttpServletRequest.REFERENCED_SESSION_IS_NEW ); |
| return value != null && value.equals( Boolean.TRUE ); |
| } |
| } |