org.pentaho.platform.web.http.security
Class HttpSessionReuseDetectionFilter

java.lang.Object
  extended by org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter

public class HttpSessionReuseDetectionFilter
extends Object

Detects when an HTTP session that already contains a logged-in user (as indicated by request.getRemoteUser()) attempts to authenticate again without first logging out. When this condition is detected, the session is invalidated, the security context is cleared, and the user is redirected to sessionReuseDetectedUrl. This prevents reuse of an HTTP session that may hold sensitive, user-specific data.

To use: insert this filter after httpSessionContextIntegrationFilter but before authenticationProcessingFilter in the filter chain.

Note: Some code copied from AbstractProcessingFilter.

Author:
mlowery

Constructor Summary
HttpSessionReuseDetectionFilter()

Method Summary
void afterPropertiesSet()
void destroy()
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
String getFilterProcessesUrl()
String getSessionReuseDetectedUrl()
void init(FilterConfig filterConfig)
void setFilterProcessesUrl(String filterProcessesUrl)
void setSessionReuseDetectedUrl(String sessionReuseDetectedUrl)

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HttpSessionReuseDetectionFilter

public HttpSessionReuseDetectionFilter()

Method Detail

init

public void init(FilterConfig filterConfig)
          throws ServletException
Throws:
ServletException

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException
Throws:
IOException
ServletException

destroy

public void destroy()

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Throws:
Exception

getFilterProcessesUrl

public String getFilterProcessesUrl()

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

getSessionReuseDetectedUrl

public String getSessionReuseDetectedUrl()

setSessionReuseDetectedUrl

public void setSessionReuseDetectedUrl(String sessionReuseDetectedUrl)