View Javadoc

1   /*
2    * Copyright 2018 Hippo B.V. (http://www.onehippo.com)
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *         http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.onehippo.forge.hst.spring.support.session.servlet;
17  
18  import javax.servlet.http.HttpServletRequest;
19  import javax.servlet.http.HttpSession;
20  
21  import org.springframework.session.SessionRepository;
22  
23  /**
24   * {@link SessionRepository} implementation simply by delegating call to the underlying servlet container's {@link HttpSession}.
25   */
26  public class HttpSessionDelegatingRepository implements SessionRepository<HttpSessionDelegatingSession> {
27  
28      @Override
29      public HttpSessionDelegatingSession createSession() {
30          final HttpServletRequest request = HttpSessionDelegatingContext.getCurrentServletRequest();
31  
32          if (request == null) {
33              throw new IllegalStateException("HttpServletRequest not found yet.");
34          }
35  
36          final HttpSession httpSession = request.getSession(true);
37          final HttpSessionDelegatingSession session = new HttpSessionDelegatingSession(httpSession);
38          httpSession.setAttribute(HttpSessionDelegatingSession.NAME, session);
39  
40          return session;
41      }
42  
43      @Override
44      public void save(HttpSessionDelegatingSession session) {
45          // Nothing to do as container's session management does care of it.
46      }
47  
48      @Override
49      public HttpSessionDelegatingSession findById(String id) {
50          final HttpServletRequest request = HttpSessionDelegatingContext.getCurrentServletRequest();
51          final HttpSession httpSession = (request != null) ? request.getSession(false) : null;
52  
53          if (httpSession == null) {
54              return null;
55          }
56  
57          HttpSessionDelegatingSession session = (HttpSessionDelegatingSession) httpSession.getAttribute(HttpSessionDelegatingSession.NAME);
58  
59          if (session != null) {
60              // If previous JSESSIONID cookie in browser's in-memory session remains while tomcat gets restarted,
61              // then we need to recreate Session again.
62              if (!httpSession.getId().equals(id)) {
63                  session = new HttpSessionDelegatingSession(httpSession);
64                  httpSession.setAttribute(HttpSessionDelegatingSession.NAME, session);
65              }
66          }
67  
68          return session;
69      }
70  
71      @Override
72      public void deleteById(String id) {
73          final HttpServletRequest request = HttpSessionDelegatingContext.getCurrentServletRequest();
74          final HttpSession httpSession = (request != null) ? request.getSession(false) : null;
75  
76          if (httpSession == null) {
77              return;
78          }
79  
80          HttpSessionDelegatingSession session = (HttpSessionDelegatingSession) httpSession.getAttribute(HttpSessionDelegatingSession.NAME);
81  
82          if (session != null) {
83              if (session.getId().equals(id)) {
84                  httpSession.invalidate();
85              }
86          }
87      }
88  }