java.lang.Object
- javax.servlet.ServletResponseWrapper
- - javax.servlet.http.HttpServletResponseWrapper
  - - org.apache.shiro.web.servlet.ShiroHttpServletResponse

All Implemented Interfaces:

HttpServletResponse, ServletResponse
```
public class ShiroHttpServletResponse
extends HttpServletResponseWrapper
```
HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.
It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions.
Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.

Since:

0.2

Field Summary
- Fields inherited from interface javax.servlet.http.HttpServletResponse
  SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

Constructor Summary

Constructors
Constructor	Description
`ShiroHttpServletResponse(HttpServletResponse wrapped, ServletContext context, ShiroHttpServletRequest request)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`String`	`encodeRedirectUrl(String s)`
`String`	`encodeRedirectURL(String url)`	Encode the session identifier associated with this response into the specified redirect URL, if necessary.
`String`	`encodeUrl(String s)`
`String`	`encodeURL(String url)`	Encode the session identifier associated with this response into the specified URL, if necessary.
`ServletContext`	`getContext()`
`ShiroHttpServletRequest`	`getRequest()`
`protected boolean`	`isEncodeable(String location)`	Return `true` if the specified URL should be encoded with a session identifier.
`static boolean`	`isSchemeChar(char c)`	Determine if the character is allowed in the scheme of a URI.
`void`	`setContext(ServletContext context)`
`void`	`setRequest(ShiroHttpServletRequest request)`
`protected String`	`toEncoded(String url, String sessionId)`	Return the specified URL with the specified session identifier suitably encoded.

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus

Methods inherited from class javax.servlet.ServletResponseWrapper
flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getResponse, getWriter, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletResponse
flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale

- Constructor Detail
  - ShiroHttpServletResponse
```
public ShiroHttpServletResponse(HttpServletResponse wrapped,
                                ServletContext context,
                                ShiroHttpServletRequest request)
```
- Method Detail
  - getContext
```
public ServletContext getContext()
```
  - setContext
```
public void setContext(ServletContext context)
```
  - getRequest
```
public ShiroHttpServletRequest getRequest()
```
  - setRequest
```
public void setRequest(ShiroHttpServletRequest request)
```
  - encodeRedirectURL
```
public String encodeRedirectURL(String url)
```
    Encode the session identifier associated with this response into the specified redirect URL, if necessary.
    
    Specified by:
    
    encodeRedirectURL in interface HttpServletResponse
    
    Overrides:
    
    encodeRedirectURL in class HttpServletResponseWrapper
    
    Parameters:
    
    url - URL to be encoded
  - encodeRedirectUrl
```
public String encodeRedirectUrl(String s)
```
    Specified by:
    
    encodeRedirectUrl in interface HttpServletResponse
    
    Overrides:
    
    encodeRedirectUrl in class HttpServletResponseWrapper
  - encodeURL
```
public String encodeURL(String url)
```
    Encode the session identifier associated with this response into the specified URL, if necessary.
    
    Specified by:
    
    encodeURL in interface HttpServletResponse
    
    Overrides:
    
    encodeURL in class HttpServletResponseWrapper
    
    Parameters:
    
    url - URL to be encoded
  - encodeUrl
```
public String encodeUrl(String s)
```
    Specified by:
    
    encodeUrl in interface HttpServletResponse
    
    Overrides:
    
    encodeUrl in class HttpServletResponseWrapper
  - isEncodeable
```
protected boolean isEncodeable(String location)
```
    Return true if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:
    
    The request we are responding to asked for a valid session
    The requested session ID was not received via a cookie
    The specified URL points back to somewhere within the web application that is responding to this request
    Parameters:
    
    location - Absolute URL to be validated
    
    Returns:
    
    true if the specified URL should be encoded with a session identifier, false otherwise.
  - isSchemeChar
```
public static boolean isSchemeChar(char c)
```
    Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1
    
    Parameters:
    
    c - the character to check
    
    Returns:
    
    true if the character is allowed in a URI scheme, false otherwise.
  - toEncoded
```
protected String toEncoded(String url,
                           String sessionId)
```
    Return the specified URL with the specified session identifier suitably encoded.
    
    Parameters:
    
    url - URL to be encoded with the session id
    
    sessionId - Session id to be included in the encoded URL
    
    Returns:
    
    the url with the session identifer properly encoded.

Class ShiroHttpServletResponse

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletResponse

Constructor Summary

Method Summary

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

Methods inherited from class javax.servlet.ServletResponseWrapper

Methods inherited from class java.lang.Object

Methods inherited from interface javax.servlet.ServletResponse

Constructor Detail

ShiroHttpServletResponse

Method Detail

getContext

setContext

getRequest

setRequest

encodeRedirectURL

encodeRedirectUrl

encodeURL

encodeUrl

isEncodeable

isSchemeChar

toEncoded