1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.shiro.web.session;
20
21 import org.apache.shiro.session.InvalidSessionException;
22 import org.apache.shiro.session.Session;
23 import org.apache.shiro.lang.util.StringUtils;
24 import org.apache.shiro.web.servlet.ShiroHttpSession;
25
26 import javax.servlet.http.HttpSession;
27 import java.io.Serializable;
28 import java.util.ArrayList;
29 import java.util.Collection;
30 import java.util.Date;
31 import java.util.Enumeration;
32
33
34
35
36
37
38
39
40
41 public class HttpServletSession implements Session {
42
43 private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY";
44 private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY";
45
46 private HttpSession httpSession;
47
48 public HttpServletSession(HttpSession httpSession, String host) {
49 if (httpSession == null) {
50 String msg = "HttpSession constructor argument cannot be null.";
51 throw new IllegalArgumentException(msg);
52 }
53 if (httpSession instanceof ShiroHttpSession) {
54 String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession. This "
55 + "is enforced to prevent circular dependencies and infinite loops.";
56 throw new IllegalArgumentException(msg);
57 }
58 this.httpSession = httpSession;
59 if (StringUtils.hasText(host)) {
60 setHost(host);
61 }
62 }
63
64 public Serializable getId() {
65 return httpSession.getId();
66 }
67
68 public Date getStartTimestamp() {
69 return new Date(httpSession.getCreationTime());
70 }
71
72 public Date getLastAccessTime() {
73 return new Date(httpSession.getLastAccessedTime());
74 }
75
76 @SuppressWarnings("checkstyle:MagicNumber")
77 public long getTimeout() throws InvalidSessionException {
78 try {
79 return httpSession.getMaxInactiveInterval() * 1000L;
80 } catch (Exception e) {
81 throw new InvalidSessionException(e);
82 }
83 }
84
85 @SuppressWarnings("checkstyle:MagicNumber")
86 public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
87 try {
88 int timeout = (int) (maxIdleTimeInMillis / 1000);
89 httpSession.setMaxInactiveInterval(timeout);
90 } catch (Exception e) {
91 throw new InvalidSessionException(e);
92 }
93 }
94
95 protected void setHost(String host) {
96 setAttribute(HOST_SESSION_KEY, host);
97 }
98
99 public String getHost() {
100 return (String) getAttribute(HOST_SESSION_KEY);
101 }
102
103 public void touch() throws InvalidSessionException {
104
105 try {
106 httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
107 httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
108 } catch (Exception e) {
109 throw new InvalidSessionException(e);
110 }
111 }
112
113 public void stop() throws InvalidSessionException {
114 try {
115 httpSession.invalidate();
116 } catch (Exception e) {
117 throw new InvalidSessionException(e);
118 }
119 }
120
121 public Collection<Object> getAttributeKeys() throws InvalidSessionException {
122 try {
123 Enumeration namesEnum = httpSession.getAttributeNames();
124 Collection<Object> keys = null;
125 if (namesEnum != null) {
126 keys = new ArrayList<Object>();
127 while (namesEnum.hasMoreElements()) {
128 keys.add(namesEnum.nextElement());
129 }
130 }
131 return keys;
132 } catch (Exception e) {
133 throw new InvalidSessionException(e);
134 }
135 }
136
137 private static String assertString(Object key) {
138 if (!(key instanceof String)) {
139 String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys "
140 + "to be String objects. The HttpSession class does not support anything other than String keys.";
141 throw new IllegalArgumentException(msg);
142 }
143 return (String) key;
144 }
145
146 public Object getAttribute(Object key) throws InvalidSessionException {
147 try {
148 return httpSession.getAttribute(assertString(key));
149 } catch (Exception e) {
150 throw new InvalidSessionException(e);
151 }
152 }
153
154 public void setAttribute(Object key, Object value) throws InvalidSessionException {
155 try {
156 httpSession.setAttribute(assertString(key), value);
157 } catch (Exception e) {
158 throw new InvalidSessionException(e);
159 }
160 }
161
162 public Object removeAttribute(Object key) throws InvalidSessionException {
163 try {
164 String sKey = assertString(key);
165 Object removed = httpSession.getAttribute(sKey);
166 httpSession.removeAttribute(sKey);
167 return removed;
168 } catch (Exception e) {
169 throw new InvalidSessionException(e);
170 }
171 }
172 }