View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.session;
20  
21  import org.apache.shiro.session.InvalidSessionException;
22  import org.apache.shiro.session.Session;
23  import org.apache.shiro.util.StringUtils;
24  import org.apache.shiro.web.servlet.ShiroHttpSession;
25  
26  import javax.servlet.http.HttpSession;
27  import java.io.Serializable;
28  import java.util.ArrayList;
29  import java.util.Collection;
30  import java.util.Date;
31  import java.util.Enumeration;
32  
33  /**
34   * {@link Session Session} implementation that is backed entirely by a standard servlet container
35   * {@link HttpSession HttpSession} instance.  It does not interact with any of Shiro's session-related components
36   * {@code SessionManager}, {@code SecurityManager}, etc, and instead satisfies all method implementations by interacting
37   * with a servlet container provided {@link HttpSession HttpSession} instance.
38   *
39   * @since 1.0
40   */
41  public class HttpServletSession implements Session {
42  
43      private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY";
44      private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY";
45  
46      private HttpSession httpSession = null;
47  
48      public HttpServletSession(HttpSession httpSession, String host) {
49          if (httpSession == null) {
50              String msg = "HttpSession constructor argument cannot be null.";
51              throw new IllegalArgumentException(msg);
52          }
53          if (httpSession instanceof ShiroHttpSession) {
54              String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession.  This " +
55                      "is enforced to prevent circular dependencies and infinite loops.";
56              throw new IllegalArgumentException(msg);
57          }
58          this.httpSession = httpSession;
59          if (StringUtils.hasText(host)) {
60              setHost(host);
61          }
62      }
63  
64      public Serializable getId() {
65          return httpSession.getId();
66      }
67  
68      public Date getStartTimestamp() {
69          return new Date(httpSession.getCreationTime());
70      }
71  
72      public Date getLastAccessTime() {
73          return new Date(httpSession.getLastAccessedTime());
74      }
75  
76      public long getTimeout() throws InvalidSessionException {
77          try {
78              return httpSession.getMaxInactiveInterval() * 1000L;
79          } catch (Exception e) {
80              throw new InvalidSessionException(e);
81          }
82      }
83  
84      public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
85          try {
86              int timeout = Long.valueOf(maxIdleTimeInMillis / 1000).intValue();
87              httpSession.setMaxInactiveInterval(timeout);
88          } catch (Exception e) {
89              throw new InvalidSessionException(e);
90          }
91      }
92  
93      protected void setHost(String host) {
94          setAttribute(HOST_SESSION_KEY, host);
95      }
96  
97      public String getHost() {
98          return (String) getAttribute(HOST_SESSION_KEY);
99      }
100 
101     public void touch() throws InvalidSessionException {
102         //just manipulate the session to update the access time:
103         try {
104             httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
105             httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
106         } catch (Exception e) {
107             throw new InvalidSessionException(e);
108         }
109     }
110 
111     public void stop() throws InvalidSessionException {
112         try {
113             httpSession.invalidate();
114         } catch (Exception e) {
115             throw new InvalidSessionException(e);
116         }
117     }
118 
119     public Collection<Object> getAttributeKeys() throws InvalidSessionException {
120         try {
121             Enumeration namesEnum = httpSession.getAttributeNames();
122             Collection<Object> keys = null;
123             if (namesEnum != null) {
124                 keys = new ArrayList<Object>();
125                 while (namesEnum.hasMoreElements()) {
126                     keys.add(namesEnum.nextElement());
127                 }
128             }
129             return keys;
130         } catch (Exception e) {
131             throw new InvalidSessionException(e);
132         }
133     }
134 
135     private static String assertString(Object key) {
136         if (!(key instanceof String)) {
137             String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys " +
138                     "to be String objects.  The HttpSession class does not support anything other than String keys.";
139             throw new IllegalArgumentException(msg);
140         }
141         return (String) key;
142     }
143 
144     public Object getAttribute(Object key) throws InvalidSessionException {
145         try {
146             return httpSession.getAttribute(assertString(key));
147         } catch (Exception e) {
148             throw new InvalidSessionException(e);
149         }
150     }
151 
152     public void setAttribute(Object key, Object value) throws InvalidSessionException {
153         try {
154             httpSession.setAttribute(assertString(key), value);
155         } catch (Exception e) {
156             throw new InvalidSessionException(e);
157         }
158     }
159 
160     public Object removeAttribute(Object key) throws InvalidSessionException {
161         try {
162             String sKey = assertString(key);
163             Object removed = httpSession.getAttribute(sKey);
164             httpSession.removeAttribute(sKey);
165             return removed;
166         } catch (Exception e) {
167             throw new InvalidSessionException(e);
168         }
169     }
170 }