Package org.apache.shiro.web.servlet
Class ShiroHttpServletResponse
- java.lang.Object
-
- javax.servlet.ServletResponseWrapper
-
- javax.servlet.http.HttpServletResponseWrapper
-
- org.apache.shiro.web.servlet.ShiroHttpServletResponse
-
- All Implemented Interfaces:
HttpServletResponse
,ServletResponse
public class ShiroHttpServletResponse extends HttpServletResponseWrapper
HttpServletResponse implementation to support URL Encoding of Shiro Session IDs. It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions. Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.- Since:
- 0.2
-
-
Field Summary
-
Fields inherited from interface javax.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
-
-
Constructor Summary
Constructors Constructor Description ShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description String
encodeRedirectUrl(String s)
String
encodeRedirectURL(String url)
Encode the session identifier associated with this response into the specified redirect URL, if necessary.String
encodeUrl(String s)
String
encodeURL(String url)
Encode the session identifier associated with this response into the specified URL, if necessary.ServletContext
getContext()
ShiroHttpServletRequest
getRequest()
protected boolean
isEncodeable(String location)
Returntrue
if the specified URL should be encoded with a session identifier.static boolean
isSchemeChar(char c)
Determine if the character is allowed in the scheme of a URI.void
setContext(ServletContext context)
void
setRequest(ShiroHttpServletRequest request)
protected String
toEncoded(String url, String sessionId)
Return the specified URL with the specified session identifier suitably encoded.-
Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus
-
Methods inherited from class javax.servlet.ServletResponseWrapper
flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getResponse, getWriter, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface javax.servlet.ServletResponse
flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale
-
-
-
-
Constructor Detail
-
ShiroHttpServletResponse
public ShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request)
-
-
Method Detail
-
getContext
public ServletContext getContext()
-
setContext
public void setContext(ServletContext context)
-
getRequest
public ShiroHttpServletRequest getRequest()
-
setRequest
public void setRequest(ShiroHttpServletRequest request)
-
encodeRedirectURL
public String encodeRedirectURL(String url)
Encode the session identifier associated with this response into the specified redirect URL, if necessary.- Specified by:
encodeRedirectURL
in interfaceHttpServletResponse
- Overrides:
encodeRedirectURL
in classHttpServletResponseWrapper
- Parameters:
url
- URL to be encoded
-
encodeRedirectUrl
public String encodeRedirectUrl(String s)
- Specified by:
encodeRedirectUrl
in interfaceHttpServletResponse
- Overrides:
encodeRedirectUrl
in classHttpServletResponseWrapper
-
encodeURL
public String encodeURL(String url)
Encode the session identifier associated with this response into the specified URL, if necessary.- Specified by:
encodeURL
in interfaceHttpServletResponse
- Overrides:
encodeURL
in classHttpServletResponseWrapper
- Parameters:
url
- URL to be encoded
-
encodeUrl
public String encodeUrl(String s)
- Specified by:
encodeUrl
in interfaceHttpServletResponse
- Overrides:
encodeUrl
in classHttpServletResponseWrapper
-
isEncodeable
protected boolean isEncodeable(String location)
Returntrue
if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:- The request we are responding to asked for a valid session
- The requested session ID was not received via a cookie
- The specified URL points back to somewhere within the web application that is responding to this request
- Parameters:
location
- Absolute URL to be validated- Returns:
true
if the specified URL should be encoded with a session identifier,false
otherwise.
-
isSchemeChar
public static boolean isSchemeChar(char c)
Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1- Parameters:
c
- the character to check- Returns:
true
if the character is allowed in a URI scheme,false
otherwise.
-
toEncoded
protected String toEncoded(String url, String sessionId)
Return the specified URL with the specified session identifier suitably encoded.- Parameters:
url
- URL to be encoded with the session idsessionId
- Session id to be included in the encoded URL- Returns:
- the url with the session identifer properly encoded.
-
-