| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.web.session; |
| |
| import org.apache.shiro.session.InvalidSessionException; |
| import org.apache.shiro.session.Session; |
| import org.apache.shiro.util.StringUtils; |
| import org.apache.shiro.web.servlet.ShiroHttpSession; |
| |
| import javax.servlet.http.HttpSession; |
| import java.io.Serializable; |
| import java.util.ArrayList; |
| import java.util.Collection; |
| import java.util.Date; |
| import java.util.Enumeration; |
| |
| /** |
| * {@link Session Session} implementation that is backed entirely by a standard servlet container |
| * {@link HttpSession HttpSession} instance. It does not interact with any of Shiro's session-related components |
| * {@code SessionManager}, {@code SecurityManager}, etc, and instead satisfies all method implementations by interacting |
| * with a servlet container provided {@link HttpSession HttpSession} instance. |
| * |
| * @since 1.0 |
| */ |
| public class HttpServletSession implements Session { |
| |
| private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY"; |
| private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY"; |
| |
| private HttpSession httpSession = null; |
| |
| public HttpServletSession(HttpSession httpSession, String host) { |
| if (httpSession == null) { |
| String msg = "HttpSession constructor argument cannot be null."; |
| throw new IllegalArgumentException(msg); |
| } |
| if (httpSession instanceof ShiroHttpSession) { |
| String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession. This " + |
| "is enforced to prevent circular dependencies and infinite loops."; |
| throw new IllegalArgumentException(msg); |
| } |
| this.httpSession = httpSession; |
| if (StringUtils.hasText(host)) { |
| setHost(host); |
| } |
| } |
| |
| public Serializable getId() { |
| return httpSession.getId(); |
| } |
| |
| public Date getStartTimestamp() { |
| return new Date(httpSession.getCreationTime()); |
| } |
| |
| public Date getLastAccessTime() { |
| return new Date(httpSession.getLastAccessedTime()); |
| } |
| |
| public long getTimeout() throws InvalidSessionException { |
| try { |
| return httpSession.getMaxInactiveInterval() * 1000L; |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException { |
| try { |
| int timeout = Long.valueOf(maxIdleTimeInMillis / 1000).intValue(); |
| httpSession.setMaxInactiveInterval(timeout); |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| protected void setHost(String host) { |
| setAttribute(HOST_SESSION_KEY, host); |
| } |
| |
| public String getHost() { |
| return (String) getAttribute(HOST_SESSION_KEY); |
| } |
| |
| public void touch() throws InvalidSessionException { |
| //just manipulate the session to update the access time: |
| try { |
| httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY); |
| httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY); |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| public void stop() throws InvalidSessionException { |
| try { |
| httpSession.invalidate(); |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| public Collection<Object> getAttributeKeys() throws InvalidSessionException { |
| try { |
| Enumeration namesEnum = httpSession.getAttributeNames(); |
| Collection<Object> keys = null; |
| if (namesEnum != null) { |
| keys = new ArrayList<Object>(); |
| while (namesEnum.hasMoreElements()) { |
| keys.add(namesEnum.nextElement()); |
| } |
| } |
| return keys; |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| private static String assertString(Object key) { |
| if (!(key instanceof String)) { |
| String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys " + |
| "to be String objects. The HttpSession class does not support anything other than String keys."; |
| throw new IllegalArgumentException(msg); |
| } |
| return (String) key; |
| } |
| |
| public Object getAttribute(Object key) throws InvalidSessionException { |
| try { |
| return httpSession.getAttribute(assertString(key)); |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| public void setAttribute(Object key, Object value) throws InvalidSessionException { |
| try { |
| httpSession.setAttribute(assertString(key), value); |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| |
| public Object removeAttribute(Object key) throws InvalidSessionException { |
| try { |
| String sKey = assertString(key); |
| Object removed = httpSession.getAttribute(sKey); |
| httpSession.removeAttribute(sKey); |
| return removed; |
| } catch (Exception e) { |
| throw new InvalidSessionException(e); |
| } |
| } |
| } |