web/src/main/java/org/apache/shiro/web/session/HttpServletSession.java - shiro - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.web.session;

 import org.apache.shiro.session.InvalidSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.util.StringUtils;
 import org.apache.shiro.web.servlet.ShiroHttpSession;

 import javax.servlet.http.HttpSession;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Enumeration;

 /**
  * {@link Session Session} implementation that is backed entirely by a standard servlet container
  * {@link HttpSession HttpSession} instance.  It does not interact with any of Shiro's session-related components
  * {@code SessionManager}, {@code SecurityManager}, etc, and instead satisfies all method implementations by interacting
  * with a servlet container provided {@link HttpSession HttpSession} instance.
  *
  * @since 1.0
  */
 public class HttpServletSession implements Session {

     private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY";
     private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY";

     private HttpSession httpSession = null;

     public HttpServletSession(HttpSession httpSession, String host) {
         if (httpSession == null) {
             String msg = "HttpSession constructor argument cannot be null.";
             throw new IllegalArgumentException(msg);
         }
         if (httpSession instanceof ShiroHttpSession) {
             String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession.  This " +
                     "is enforced to prevent circular dependencies and infinite loops.";
             throw new IllegalArgumentException(msg);
         }
         this.httpSession = httpSession;
         if (StringUtils.hasText(host)) {
             setHost(host);
         }
     }

     public Serializable getId() {
         return httpSession.getId();
     }

     public Date getStartTimestamp() {
         return new Date(httpSession.getCreationTime());
     }

     public Date getLastAccessTime() {
         return new Date(httpSession.getLastAccessedTime());
     }

     public long getTimeout() throws InvalidSessionException {
         try {
             return httpSession.getMaxInactiveInterval() * 1000L;
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
         try {
             int timeout = Long.valueOf(maxIdleTimeInMillis / 1000).intValue();
             httpSession.setMaxInactiveInterval(timeout);
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     protected void setHost(String host) {
         setAttribute(HOST_SESSION_KEY, host);
     }

     public String getHost() {
         return (String) getAttribute(HOST_SESSION_KEY);
     }

     public void touch() throws InvalidSessionException {
         //just manipulate the session to update the access time:
         try {
             httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
             httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     public void stop() throws InvalidSessionException {
         try {
             httpSession.invalidate();
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     public Collection<Object> getAttributeKeys() throws InvalidSessionException {
         try {
             Enumeration namesEnum = httpSession.getAttributeNames();
             Collection<Object> keys = null;
             if (namesEnum != null) {
                 keys = new ArrayList<Object>();
                 while (namesEnum.hasMoreElements()) {
                     keys.add(namesEnum.nextElement());
                 }
             }
             return keys;
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     private static String assertString(Object key) {
         if (!(key instanceof String)) {
             String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys " +
                     "to be String objects.  The HttpSession class does not support anything other than String keys.";
             throw new IllegalArgumentException(msg);
         }
         return (String) key;
     }

     public Object getAttribute(Object key) throws InvalidSessionException {
         try {
             return httpSession.getAttribute(assertString(key));
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     public void setAttribute(Object key, Object value) throws InvalidSessionException {
         try {
             httpSession.setAttribute(assertString(key), value);
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }

     public Object removeAttribute(Object key) throws InvalidSessionException {
         try {
             String sKey = assertString(key);
             Object removed = httpSession.getAttribute(sKey);
             httpSession.removeAttribute(sKey);
             return removed;
         } catch (Exception e) {
             throw new InvalidSessionException(e);
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.shiro.web.session;

	import org.apache.shiro.session.InvalidSessionException;
	import org.apache.shiro.session.Session;
	import org.apache.shiro.util.StringUtils;
	import org.apache.shiro.web.servlet.ShiroHttpSession;

	import javax.servlet.http.HttpSession;
	import java.io.Serializable;
	import java.util.ArrayList;
	import java.util.Collection;
	import java.util.Date;
	import java.util.Enumeration;

	/**
	* {@link Session Session} implementation that is backed entirely by a standard servlet container
	* {@link HttpSession HttpSession} instance. It does not interact with any of Shiro's session-related components
	* {@code SessionManager}, {@code SecurityManager}, etc, and instead satisfies all method implementations by interacting
	* with a servlet container provided {@link HttpSession HttpSession} instance.
	*
	* @since 1.0
	*/
	public class HttpServletSession implements Session {

	private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY";
	private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY";

	private HttpSession httpSession = null;

	public HttpServletSession(HttpSession httpSession, String host) {
	if (httpSession == null) {
	String msg = "HttpSession constructor argument cannot be null.";
	throw new IllegalArgumentException(msg);
	}
	if (httpSession instanceof ShiroHttpSession) {
	String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession. This " +
	"is enforced to prevent circular dependencies and infinite loops.";
	throw new IllegalArgumentException(msg);
	}
	this.httpSession = httpSession;
	if (StringUtils.hasText(host)) {
	setHost(host);
	}
	}

	public Serializable getId() {
	return httpSession.getId();
	}

	public Date getStartTimestamp() {
	return new Date(httpSession.getCreationTime());
	}

	public Date getLastAccessTime() {
	return new Date(httpSession.getLastAccessedTime());
	}

	public long getTimeout() throws InvalidSessionException {
	try {
	return httpSession.getMaxInactiveInterval() * 1000L;
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
	try {
	int timeout = Long.valueOf(maxIdleTimeInMillis / 1000).intValue();
	httpSession.setMaxInactiveInterval(timeout);
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	protected void setHost(String host) {
	setAttribute(HOST_SESSION_KEY, host);
	}

	public String getHost() {
	return (String) getAttribute(HOST_SESSION_KEY);
	}

	public void touch() throws InvalidSessionException {
	//just manipulate the session to update the access time:
	try {
	httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
	httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	public void stop() throws InvalidSessionException {
	try {
	httpSession.invalidate();
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	public Collection<Object> getAttributeKeys() throws InvalidSessionException {
	try {
	Enumeration namesEnum = httpSession.getAttributeNames();
	Collection<Object> keys = null;
	if (namesEnum != null) {
	keys = new ArrayList<Object>();
	while (namesEnum.hasMoreElements()) {
	keys.add(namesEnum.nextElement());
	}
	}
	return keys;
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	private static String assertString(Object key) {
	if (!(key instanceof String)) {
	String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys " +
	"to be String objects. The HttpSession class does not support anything other than String keys.";
	throw new IllegalArgumentException(msg);
	}
	return (String) key;
	}

	public Object getAttribute(Object key) throws InvalidSessionException {
	try {
	return httpSession.getAttribute(assertString(key));
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	public void setAttribute(Object key, Object value) throws InvalidSessionException {
	try {
	httpSession.setAttribute(assertString(key), value);
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}

	public Object removeAttribute(Object key) throws InvalidSessionException {
	try {
	String sKey = assertString(key);
	Object removed = httpSession.getAttribute(sKey);
	httpSession.removeAttribute(sKey);
	return removed;
	} catch (Exception e) {
	throw new InvalidSessionException(e);
	}
	}
	}