HttpSessionReuseDetectionFilter

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.pentaho.platform.web.http.security
Class HttpSessionReuseDetectionFilter

java.lang.Object
  org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter

All Implemented Interfaces:: javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

public class HttpSessionReuseDetectionFilter
extends Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
extends Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean

Detects when an HTTP session which contains a logged-in user (as indicated by request.getRemoteUser()) is attempting to authenticate again without logging out. Upon detecting this condition, the session is invalidated, the security context is cleared, and the user is redirected to sessionReuseDetectedUrl. This prevents reuse of an HTTP session which contains potentially sensitive, user-specific data.

To use: Insert after httpSessionContextIntegrationFilter but before authenticationProcessingFilter.

Note: Some code copied from AbstractProcessingFilter.

Author:: mlowery

Constructor Summary
`HttpSessionReuseDetectionFilter()`

Method Summary
`void`	`afterPropertiesSet()`
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`String`	`getFilterProcessesUrl()`
`String`	`getSessionReuseDetectedUrl()`
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`void`	`setFilterProcessesUrl(String filterProcessesUrl)`
`void`	`setSessionReuseDetectedUrl(String sessionReuseDetectedUrl)`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail