org.apache.shiro.web.servlet

Class ShiroHttpServletResponse

java.lang.Object

javax.servlet.ServletResponseWrapper

javax.servlet.http.HttpServletResponseWrapper

org.apache.shiro.web.servlet.ShiroHttpServletResponse

All Implemented Interfaces:

javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse

public class ShiroHttpServletResponse
extends javax.servlet.http.HttpServletResponseWrapper

HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.

It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions.

Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.

Since:

0.2

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletResponse

SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

Constructor Summary

Constructors

Constructor and Description
ShiroHttpServletResponse(javax.servlet.http.HttpServletResponse wrapped, javax.servlet.ServletContext context, ShiroHttpServletRequest request)

Method Summary

Modifier and Type	Method and Description
String	encodeRedirectUrl(String s)
String	encodeRedirectURL(String url) Encode the session identifier associated with this response into the specified redirect URL, if necessary.
String	encodeUrl(String s)
String	encodeURL(String url) Encode the session identifier associated with this response into the specified URL, if necessary.
javax.servlet.ServletContext	getContext()
ShiroHttpServletRequest	getRequest()
protected boolean	isEncodeable(String location) Return true if the specified URL should be encoded with a session identifier.
static boolean	isSchemeChar(char c) Determine if the character is allowed in the scheme of a URI.
void	setContext(javax.servlet.ServletContext context)
void	setRequest(ShiroHttpServletRequest request)
protected String	toEncoded(String url, String sessionId) Return the specified URL with the specified session identifier suitably encoded.

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus

Methods inherited from class javax.servlet.ServletResponseWrapper

flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getResponse, getWriter, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletResponse

flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale

Constructor Detail

ShiroHttpServletResponse

public ShiroHttpServletResponse(javax.servlet.http.HttpServletResponse wrapped,
                                javax.servlet.ServletContext context,
                                ShiroHttpServletRequest request)

Method Detail

getContext

public javax.servlet.ServletContext getContext()

setContext

public void setContext(javax.servlet.ServletContext context)

getRequest

public ShiroHttpServletRequest getRequest()

setRequest

public void setRequest(ShiroHttpServletRequest request)

encodeRedirectURL

public String encodeRedirectURL(String url)

Encode the session identifier associated with this response into the specified redirect URL, if necessary.

Specified by:

encodeRedirectURL in interface javax.servlet.http.HttpServletResponse

Overrides:

encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper

Parameters:

url - URL to be encoded

encodeRedirectUrl

public String encodeRedirectUrl(String s)

Specified by:

encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse

Overrides:

encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper

encodeURL

public String encodeURL(String url)

Encode the session identifier associated with this response into the specified URL, if necessary.

Specified by:

encodeURL in interface javax.servlet.http.HttpServletResponse

Overrides:

encodeURL in class javax.servlet.http.HttpServletResponseWrapper

Parameters:

url - URL to be encoded

encodeUrl

public String encodeUrl(String s)

Specified by:

encodeUrl in interface javax.servlet.http.HttpServletResponse

Overrides:

encodeUrl in class javax.servlet.http.HttpServletResponseWrapper

isEncodeable

protected boolean isEncodeable(String location)

Return true if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:

• The request we are responding to asked for a valid session
• The requested session ID was not received via a cookie
• The specified URL points back to somewhere within the web application that is responding to this request

Parameters:

location - Absolute URL to be validated

Returns:

true if the specified URL should be encoded with a session identifier, false otherwise.

isSchemeChar

public static boolean isSchemeChar(char c)

Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1

Parameters:

c - the character to check

Returns:

true if the character is allowed in a URI scheme, false otherwise.

toEncoded

protected String toEncoded(String url,
                           String sessionId)

Return the specified URL with the specified session identifier suitably encoded.

Parameters:

url - URL to be encoded with the session id

sessionId - Session id to be included in the encoded URL

Returns:

the url with the session identifer properly encoded.