public class SessionCookieFilter extends Object implements javax.servlet.Filter
Used to set up HTTP requests with sessions backed by client cookies. This filter should be placed first in your filter chain (or at least before any calls to HttpServletRequest.getSession() are made). The following initialization parameters are supported by this filter.
The fully qualified class name of the object that implements SessionCookieParameters. This class must have a default, public constructor that will be used to initialize a singleton object. If this parameter is not specified then the particular SessionCookie parameters specified below will be used. Example:
<init-param>
<param-name>SessionCookieParametersClassName</param-name>
<param-value>org.example.MySessionCookieParameters</param-value>
</init-param>
The fully qualified class name of the object that implements SessionCookieErrorHandler. This class must have a default, public constructor that will be used to initialize a singleton object. If this parameter is not specified then SessionCookieDefaultErrorHandler will be used, which requires the SLF4J library to be on the classpath. Example:
<init-param>
<param-name>SessionCookieErrorHandlerClassName</param-name>
<param-value>org.example.MySessionCookieErrorHandler</param-value>
</init-param>
The time, in minutes, from creation time that sessions are allowed to remain active. A negative time indicates the session should never time out. This parameter is only used if SessionCookieParametersClassName is not specified. The default value for this parameter is SessionCookieParameters.DEFAULT_SESSION_TIMEOUT_MINUTES. Example:
<init-param>
<param-name>SessionTimeoutMinutes</param-name>
<param-value>-1</param-value>
</init-param>
The time, in seconds, between client requests that sessions are allowed to remain active. A negative time indicates the session should never time out. This parameter is only used if SessionCookieParametersClassName is not specified. The default value for this parameter is SessionCookieParameters.DEFAULT_INACTIVITY_TIMEOUT_SECONDS. Example:
<init-param>
<param-name>InactivityTimeoutSeconds</param-name>
<param-value>600</param-value>
</init-param>
The maximum number of sessions that are cached in memory. A zero or negative value indicates that no sessions are cached. This parameter is only used if SessionCookieParametersClassName is not specified. The default value for this parameter is SessionCookieParameters.DEFAULT_MAX_IN_MEMORY_SESSIONS. Example:
<init-param>
<param-name>MaxInMemorySessions</param-name>
<param-value>250</param-value>
</init-param>
Indicates if a background thread should be used to remove candidates from the session cache. If false, sessions will be removed from the cache on request threads. This parameter is only used if SessionCookieParametersClassName is not specified and MaxInMemorySessions is greater than zero. The default value for this parameter is SessionCookieParameters.DEFAULT_PURGE_SESSION_CACHE_WITH_BACKGROUND_THREAD. Example:
<init-param>
<param-name>PurgeSessionCacheWithBackgroundThread</param-name>
<param-value>true</param-value>
</init-param>
The minimum number of seconds between session cache purges. This parameter is only used if SessionCookieParametersClassName is not specified and MaxInMemorySessions is greater than zero. The default value for this parameter is SessionCookieParameters.DEFAULT_MAX_IN_MEMORY_SESSIONS. Example:
<init-param>
<param-name>MinimumSecondsBetweenSessionCachePurge</param-name>
<param-value>25</param-value>
</init-param>
The symmetric encryption algorithm used to encrypt and decrypt the session cookie. This parameter is only used if SessionCookieParametersClassName is not specified. The default value for this parameter is SessionCookieParameters.DEFAULT_SYMMETRIC_ENCRYPTION_ALGORITHM. Example:
<init-param>
<param-name>SymmetricEncryptionAlgorithm</param-name>
<param-value>AES</param-value>
</init-param>
The Base64 encoded symmetric encryption key used to encrypt and decrypt the session cookie. This parameter is only used if SessionCookieParametersClassName is not specified. Example:
<init-param>
<param-name>SymmetricEncryptionKey</param-name>
<param-value>Wi2HOOf7B/5kGMnccsodpYPB6xhDFD0AbKTx1gX3Vb8=</param-value>
</init-param>
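The key shown above is published with this documentation, so a deployment needs its own randomly generated value. The following is an added example, not code from this library: it generates a fresh Base64 encoded AES key for SymmetricEncryptionKey and rejects a configured value that is the documented sample, is not Base64, or does not decode to an AES key length. The class name SessionKeyTool and its methods are hypothetical, and AES is assumed as the configured algorithm.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical helper class; not part of the library documented on this page.
public class SessionKeyTool {
    // The sample key printed in this documentation; it is public and must not be deployed.
    static final String DOCUMENTED_SAMPLE = "Wi2HOOf7B/5kGMnccsodpYPB6xhDFD0AbKTx1gX3Vb8=";

    /** Generates a fresh random AES key of the given size and returns it Base64 encoded. */
    static String generateKey(int bits) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(bits); // key bytes come from the provider's default SecureRandom
        SecretKey key = generator.generateKey();
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    /** Returns null if the value is usable as an AES key, otherwise the reason it is rejected. */
    static String rejectReason(String base64Key) {
        if (DOCUMENTED_SAMPLE.equals(base64Key)) {
            return "key is the published documentation sample";
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(base64Key);
        } catch (IllegalArgumentException e) {
            return "value is not valid Base64";
        }
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            return "decoded length " + raw.length + " bytes is not an AES key size";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String fresh = generateKey(256);
        System.out.println("SymmetricEncryptionKey = " + fresh);
        System.out.println("fresh key rejected?  " + rejectReason(fresh));
        System.out.println("sample key rejected? " + rejectReason(DOCUMENTED_SAMPLE));
    }
}
```

Because the value is a secret, a web.xml that carries it needs the same access restrictions as any other credential store.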
The domain set (Cookie.setDomain(String)) on the session cookie. This parameter is only used if SessionCookieParametersClassName is not specified. Example:
<init-param>
<param-name>CookieDomain</param-name>
<param-value>com.domain.</param-value>
</init-param>
The name used for the session cookie. This parameter is only used if SessionCookieParametersClassName is not specified. Example:
<init-param>
<param-name>CookieName</param-name>
<param-value>MySession</param-value>
</init-param>
The minimum session cookie value size in bytes for SessionCookieErrorHandler.onSessionCookieSizeWarning(HttpSession, int) to be called. This parameter is only used if SessionCookieParametersClassName is not specified. Example:
<init-param>
<param-name>CookieSizeWarning</param-name>
<param-value>2048</param-value>
</init-param>
If you have HTTP requests that do not access HttpSession, there are two parameters you can specify to improve the performance of this filter: OnlyPaths and ExceptPaths. The OnlyPaths parameter:
<init-param>
<param-name>OnlyPaths</param-name>
<param-value>/api/.*,/routes/.*</param-value>
</init-param>
The ExceptPaths parameter:
<init-param>
<param-name>ExceptPaths</param-name>
<param-value>/img/.*,/css/.*,/js/.*</param-value>
</init-param>
The ExceptPaths parameter must be a comma-delimited list of valid Java regular expressions. If specified, all request URIs that match this pattern will not be updated to support session cookies. If both OnlyPaths and ExceptPaths are specified, then a request will not be updated to support session cookies if the OnlyPaths pattern does not match or the ExceptPaths pattern does match.
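The decision rule described above, written out as an added example (not the filter's own code). It assumes each pattern must match the whole request URI; the class SessionPathDecision and its methods are hypothetical. It also shows why a glob-style entry such as /img/* does not exclude /img/logo.png when read as a Java regular expression.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical illustration of the documented OnlyPaths / ExceptPaths rule.
public class SessionPathDecision {
    /** Compiles a comma-delimited parameter value; null or empty means "not specified". */
    static List<Pattern> compile(String paramValue) {
        List<Pattern> patterns = new ArrayList<>();
        if (paramValue == null || paramValue.trim().isEmpty()) return patterns;
        for (String part : paramValue.split(",")) {
            patterns.add(Pattern.compile(part.trim())); // PatternSyntaxException on a bad regex
        }
        return patterns;
    }

    static boolean anyMatches(List<Pattern> patterns, String uri) {
        for (Pattern p : patterns) {
            if (p.matcher(uri).matches()) return true; // assumption: whole-URI match
        }
        return false;
    }

    /** True if the request would get cookie-backed session support under the documented rule. */
    static boolean sessionEnabled(List<Pattern> only, List<Pattern> except, String uri) {
        if (!only.isEmpty() && !anyMatches(only, uri)) return false;
        if (!except.isEmpty() && anyMatches(except, uri)) return false;
        return true;
    }

    public static void main(String[] args) {
        List<Pattern> none = new ArrayList<>();
        List<Pattern> only = compile("/api/.*,/routes/.*");
        List<Pattern> regexExcept = compile("/img/.*,/css/.*,/js/.*");
        // Glob habit: as a regex this means "/img" followed by zero or more "/" characters.
        List<Pattern> globExcept = compile("/img/*");
        // Constructed sample request URIs.
        String[] uris = {"/api/users", "/img/logo.png", "/routes/img/x", "/index.html"};
        for (String uri : uris) {
            System.out.printf("%-16s only=%-5b regexExcept=%-5b globExcept=%-5b both=%b%n", uri,
                sessionEnabled(only, none, uri),
                sessionEnabled(none, regexExcept, uri),
                sessionEnabled(none, globExcept, uri),
                sessionEnabled(only, regexExcept, uri));
        }
    }
}
```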
Constructor and Description |
---|
SessionCookieFilter() |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
void | doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) |
void | init(javax.servlet.FilterConfig filterConfig) |
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Filter
Throws: javax.servlet.ServletException

public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: IOException, javax.servlet.ServletException

public void destroy()
Specified by: destroy in interface javax.servlet.Filter
Copyright © 2017. All rights reserved.