Class SessionFilter

  extended by sunlabs.brazil.filter.SessionFilter (view source)
All Implemented Interfaces:
Filter, Handler

public class SessionFilter
extends Object
implements Filter

Filter to manage browser sessions using browser cookies or URL rewriting as needed. This should be used as the last filter in the filter chain. It attempts to use browser cookies. If they don't work, it rewrites the URL's instead, tacking the session info onto the end of the URL.

This Filter works by first examining the request as a handler. If the request contains an ID, either in the "browser cookie" or written into the URL, the session ID is extracted. In the id-in-the-url case, the ID is removed from the URL. When called later as a filter, the SessionFilter rewrites all relevent URL's in the page to incorporate the ID.

If an ID can't be found either in the cookie or URL, a couple the session creation sequence starts. First, the browser is send a "set-cookie" request along with a redirect that contains the cookie value encoded into the redirected URL. When the browser follows the redirect, the request is examined to se if the cookie value was sent. If so, the browser is redirected back to the original URL, and normal "cookie" processing takes place. If no cookie is found, the browser is redirected back to the original URL, modified to embed the ID into it, and normal URL session rewriting takes place.

The following server properties are used:

The name of the cookie to use (defaults to "cookie"). If the name is "none", then no cookies are used. Instead, session rewriting will occur for every session.
The name of the request property that the Session ID will be stored in, to be passed to downstream handler. The default value is "SessionID". If the session property is set, and not empty, then no processing is done.
If set, cookies persist across browser sessions. If cookies are disabled, no persistence is available.
The URL prefix for which the cookie applies. Defaults to "/".
A regular expression that matches url suffix we process. Defaults to html|xml|txt, or to the directory default (e.g. a URL that ends in "/"). Note, this overrides the suffix handling done by MatchString() in the FilterHandler.
The Following request properties are set:
An id was retrieved out of a cookie header
Set to the string tacked onto the end of each URL, if session ID's are managed by URL rewriting. If cookies are used, this is set to the empty string.

Field Summary
 String cookieName
 String encoding
 boolean persist
 String redirectToken
 String session
 String urlSep
Constructor Summary
Method Summary
 byte[] filter(Request request, MimeHeaders headers, byte[] content)
          Rewrite all the url's, adding the session id to the end
 boolean init(Server server, String propsPrefix)
          Initializes the handler.
 boolean respond(Request request)
          This is called by the filterHandler before the content generation step.
 boolean shouldFilter(Request request, MimeHeaders headers)
          We have the results, only filter if html and we're rewriting
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


public String session


public String cookieName


public String urlSep


public String redirectToken


public String encoding


public boolean persist
Constructor Detail


public SessionFilter()
Method Detail


public boolean init(Server server,
                    String propsPrefix)
Description copied from interface: Handler
Initializes the handler.

Specified by:
init in interface Handler
server - The HTTP server that created this Handler. Typical Handlers will use Server.props to obtain run-time configuration information.
propsPrefix - The handlers name. The string this Handler may prepend to all of the keys that it uses to extract configuration information from Server.props. This is set (by the Server and ChainHandler) to help avoid configuration parameter namespace collisions.
true if this Handler initialized successfully, false otherwise. If false is returned, this Handler should not be used.


public boolean respond(Request request)
                throws IOException
This is called by the filterHandler before the content generation step. It is responsible for extracting the session information, then (if required) restoring the URL's to their original form. It tries relatively hard to use cookies if they are available through a series or redirects.

Specified by:
respond in interface Handler
request - The Request object that represents the HTTP request.
true if the request was handled. A request was handled if a response was supplied to the client, typically by calling Request.sendResponse() or Request.sendError.
IOException - if there was an I/O error while sending the response to the client. Typically, in that case, the Server will (try to) send an error message to the client and then close the client's connection.

The IOException should not be used to silently ignore problems such as being unable to access some server-side resource (for example getting a FileNotFoundException due to not being able to open a file). In that case, the Handler's duty is to turn that IOException into a HTTP response indicating, in this case, that a file could not be found.


public boolean shouldFilter(Request request,
                            MimeHeaders headers)
We have the results, only filter if html and we're rewriting

Specified by:
shouldFilter in interface Filter
request - The in-progress HTTP request.
headers - The MIME headers generated by the wrapped Handler.
true if this filter would like to examine and possibly rewrite the content, false otherwise.


public byte[] filter(Request request,
                     MimeHeaders headers,
                     byte[] content)
Rewrite all the url's, adding the session id to the end

Specified by:
filter in interface Filter
request - The finished HTTP request.
headers - The MIME headers generated by the Handler.
content - The output from the Handler that this Filter may rewrite.
The rewritten content. The Filter may return the original content unchanged. The Filter may return null to indicate that the FilterHandler should stop processing the request and should not return any content to the client.

Version Kenai-svn-r24, Generated 08/18/09
Copyright (c) 2001-2009, Sun Microsystems.