Package org.apache.shiro.web.servlet

Class ShiroHttpServletResponse

  • All Implemented Interfaces:
    javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
    public class ShiroHttpServletResponse
extends javax.servlet.http.HttpServletResponseWrapper
    HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.

    It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions.

    Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.

    Since:
    0.2

    • Field Summary

      • Fields inherited from interface javax.servlet.http.HttpServletResponse

        SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      String encodeRedirectUrl​(String s)  
      String encodeRedirectURL​(String url)
      Encode the session identifier associated with this response into the specified redirect URL, if necessary.
      String encodeUrl​(String s)  
      String encodeURL​(String url)
      Encode the session identifier associated with this response into the specified URL, if necessary.
      javax.servlet.ServletContext getContext()  
      ShiroHttpServletRequest getRequest()  
      protected boolean isEncodeable​(String location)
      Return true if the specified URL should be encoded with a session identifier.
      static boolean isSchemeChar​(char c)
      Determine if the character is allowed in the scheme of a URI.
      void setContext​(javax.servlet.ServletContext context)  
      void setRequest​(ShiroHttpServletRequest request)  
      protected String toEncoded​(String url, String sessionId)
      Return the specified URL with the specified session identifier suitably encoded.

      • Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

        addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus

      • Methods inherited from class javax.servlet.ServletResponseWrapper

        flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getResponse, getWriter, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse

      • Methods inherited from interface javax.servlet.ServletResponse

        flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale

    • Constructor Detail

      • ShiroHttpServletResponse

        public ShiroHttpServletResponse​(javax.servlet.http.HttpServletResponse wrapped,
                                javax.servlet.ServletContext context,
                                ShiroHttpServletRequest request)

    • Method Detail

      • getContext

        public javax.servlet.ServletContext getContext()

      • setContext

        public void setContext​(javax.servlet.ServletContext context)

      • encodeRedirectURL

        public String encodeRedirectURL​(String url)
        Encode the session identifier associated with this response into the specified redirect URL, if necessary.
        Specified by:
        encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper
        Parameters:
        url - URL to be encoded

      • encodeRedirectUrl

        public String encodeRedirectUrl​(String s)
        Specified by:
        encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper

      • encodeURL

        public String encodeURL​(String url)
        Encode the session identifier associated with this response into the specified URL, if necessary.
        Specified by:
        encodeURL in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeURL in class javax.servlet.http.HttpServletResponseWrapper
        Parameters:
        url - URL to be encoded

      • encodeUrl

        public String encodeUrl​(String s)
        Specified by:
        encodeUrl in interface javax.servlet.http.HttpServletResponse
        Overrides:
        encodeUrl in class javax.servlet.http.HttpServletResponseWrapper

      • isEncodeable

        protected boolean isEncodeable​(String location)
        Return true if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:
        • The request we are responding to asked for a valid session
        • The requested session ID was not received via a cookie
        • The specified URL points back to somewhere within the web application that is responding to this request
        Parameters:
        location - Absolute URL to be validated
        Returns:
        true if the specified URL should be encoded with a session identifier, false otherwise.

      • isSchemeChar

        public static boolean isSchemeChar​(char c)
        Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1
        Parameters:
        c - the character to check
        Returns:
        true if the character is allowed in a URI scheme, false otherwise.

      • toEncoded

        protected String toEncoded​(String url,
                           String sessionId)
        Return the specified URL with the specified session identifier suitably encoded.
        Parameters:
        url - URL to be encoded with the session id
        sessionId - Session id to be included in the encoded URL
        Returns:
        the url with the session identifer properly encoded.