View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.session;
20  
21  import org.apache.shiro.session.InvalidSessionException;
22  import org.apache.shiro.session.Session;
23  import org.apache.shiro.lang.util.StringUtils;
24  import org.apache.shiro.web.servlet.ShiroHttpSession;
25  
26  import javax.servlet.http.HttpSession;
27  import java.io.Serializable;
28  import java.util.ArrayList;
29  import java.util.Collection;
30  import java.util.Date;
31  import java.util.Enumeration;
32  
33  /**
34   * {@link Session Session} implementation that is backed entirely by a standard servlet container
35   * {@link HttpSession HttpSession} instance.  It does not interact with any of Shiro's session-related components
36   * {@code SessionManager}, {@code SecurityManager}, etc., and instead satisfies all method implementations by interacting
37   * with a servlet container provided {@link HttpSession HttpSession} instance.
38   *
39   * @since 1.0
40   */
41  public class HttpServletSession implements Session {
42  
43      private static final String HOST_SESSION_KEY = HttpServletSession.class.getName() + ".HOST_SESSION_KEY";
44      private static final String TOUCH_OBJECT_SESSION_KEY = HttpServletSession.class.getName() + ".TOUCH_OBJECT_SESSION_KEY";
45  
46      private HttpSession httpSession;
47  
48      public HttpServletSession(HttpSession httpSession, String host) {
49          if (httpSession == null) {
50              String msg = "HttpSession constructor argument cannot be null.";
51              throw new IllegalArgumentException(msg);
52          }
53          if (httpSession instanceof ShiroHttpSession) {
54              String msg = "HttpSession constructor argument cannot be an instance of ShiroHttpSession.  This "
55                      + "is enforced to prevent circular dependencies and infinite loops.";
56              throw new IllegalArgumentException(msg);
57          }
58          this.httpSession = httpSession;
59          if (StringUtils.hasText(host)) {
60              setHost(host);
61          }
62      }
63  
64      public Serializable getId() {
65          return httpSession.getId();
66      }
67  
68      public Date getStartTimestamp() {
69          return new Date(httpSession.getCreationTime());
70      }
71  
72      public Date getLastAccessTime() {
73          return new Date(httpSession.getLastAccessedTime());
74      }
75  
76      @SuppressWarnings("checkstyle:MagicNumber")
77      public long getTimeout() throws InvalidSessionException {
78          try {
79              return httpSession.getMaxInactiveInterval() * 1000L;
80          } catch (Exception e) {
81              throw new InvalidSessionException(e);
82          }
83      }
84  
85      @SuppressWarnings("checkstyle:MagicNumber")
86      public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
87          try {
88              int timeout = (int) (maxIdleTimeInMillis / 1000);
89              httpSession.setMaxInactiveInterval(timeout);
90          } catch (Exception e) {
91              throw new InvalidSessionException(e);
92          }
93      }
94  
95      protected void setHost(String host) {
96          setAttribute(HOST_SESSION_KEY, host);
97      }
98  
99      public String getHost() {
100         return (String) getAttribute(HOST_SESSION_KEY);
101     }
102 
103     public void touch() throws InvalidSessionException {
104         //just manipulate the session to update the access time:
105         try {
106             httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
107             httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
108         } catch (Exception e) {
109             throw new InvalidSessionException(e);
110         }
111     }
112 
113     public void stop() throws InvalidSessionException {
114         try {
115             httpSession.invalidate();
116         } catch (Exception e) {
117             throw new InvalidSessionException(e);
118         }
119     }
120 
121     public Collection<Object> getAttributeKeys() throws InvalidSessionException {
122         try {
123             Enumeration namesEnum = httpSession.getAttributeNames();
124             Collection<Object> keys = null;
125             if (namesEnum != null) {
126                 keys = new ArrayList<Object>();
127                 while (namesEnum.hasMoreElements()) {
128                     keys.add(namesEnum.nextElement());
129                 }
130             }
131             return keys;
132         } catch (Exception e) {
133             throw new InvalidSessionException(e);
134         }
135     }
136 
137     private static String assertString(Object key) {
138         if (!(key instanceof String)) {
139             String msg = "HttpSession based implementations of the Shiro Session interface requires attribute keys "
140                     + "to be String objects.  The HttpSession class does not support anything other than String keys.";
141             throw new IllegalArgumentException(msg);
142         }
143         return (String) key;
144     }
145 
146     public Object getAttribute(Object key) throws InvalidSessionException {
147         try {
148             return httpSession.getAttribute(assertString(key));
149         } catch (Exception e) {
150             throw new InvalidSessionException(e);
151         }
152     }
153 
154     public void setAttribute(Object key, Object value) throws InvalidSessionException {
155         try {
156             httpSession.setAttribute(assertString(key), value);
157         } catch (Exception e) {
158             throw new InvalidSessionException(e);
159         }
160     }
161 
162     public Object removeAttribute(Object key) throws InvalidSessionException {
163         try {
164             String sKey = assertString(key);
165             Object removed = httpSession.getAttribute(sKey);
166             httpSession.removeAttribute(sKey);
167             return removed;
168         } catch (Exception e) {
169             throw new InvalidSessionException(e);
170         }
171     }
172 }