Class HttpSessionPentahoSessionIntegrationFilter
- java.lang.Object
-
- org.pentaho.platform.web.http.filters.HttpSessionPentahoSessionIntegrationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.InitializingBean
public class HttpSessionPentahoSessionIntegrationFilter extends Object implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
Populates thePentahoSessionHolder
with information obtained from theHttpSession
.Originally this functionality existed in PentahoHttpRequestListener but has been moved here. Javadoc for that class:
In a J2EE environment, sets the Hitachi Vantara session statically per request so the session can be retrieved by other consumers within the same request without having it passed to them explicitly. -- aphillips
There are two reasons that this is a
Filter
and not aServletRequestListener
:- Filters are compatible with Servlet 2.3 web applications.
- Filters can be ordered.
This implementation is based on
org.springframework.security.context.HttpSessionContextIntegrationFilter
.The
NoHttpSession
will be queried to retrieve theIPentahoSession
that should be stored against thePentahoSessionHolder
for the duration of the web request. At the end of the web request, any updates made to thePentahoSessionHolder
will be persisted back to theHttpSession
by this filter.HttpSession
will be created by this filter if one does not already exist. If at the end of the web request theHttpSession
does not exist, aHttpSession
will only be created if the current Hitachi Vantara session inPentahoSessionHolder
is not null. This avoids needlessHttpSession
creation, but automates the storage of changes made to thePentahoSessionHolder
. There is one exception to this rule, that is if theforceEagerSessionCreation
property istrue
, in which case sessions will always be created irrespective of normal session-minimization logic (the default isfalse
, as this is resource intensive and not recommended). This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities. If for whatever reason noHttpSession
should ever be created (eg this filter is only being used with Basic authentication or similar clients that will never present the samejsessionid
etc), thesetAllowSessionCreation(boolean)
should be set tofalse
. Only do this if you really need to conserve server memory and ensure all classes using thePentahoSessionHolder
are designed to have no persistence of the Hitachi Vantara session between web requests. Please note that ifforceEagerSessionCreation
istrue
, theallowSessionCreation
must also betrue
(setting it tofalse
will cause a startup time error). This filter MUST be executed BEFORE any code that expects thePentahoSessionHolder
to contain a validIPentahoSession
by the time they execute.
-
-
Field Summary
Fields Modifier and Type Field Description protected boolean
callSetAuthenticatedForAnonymousUsers
If true (the default), callIPentahoSession.setAuthenticated(String)
on newIPentahoSession
s where argument is value from/pentaho-system/anonymous-authentication/anonymous-user
frompentaho.xml
.
-
Constructor Summary
Constructors Constructor Description HttpSessionPentahoSessionIntegrationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
void
destroy()
Does nothing.void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
protected org.pentaho.platform.api.engine.IPentahoSession
generatePentahoSession(javax.servlet.http.HttpServletRequest httpRequest)
protected String
getAnonymousUser()
void
init(javax.servlet.FilterConfig filterConfig)
Does nothing.boolean
isAllowSessionCreation()
boolean
isForceEagerSessionCreation()
boolean
isSsoEnabled()
Serves to identify if the server is using SSO for authentication.protected void
localeLeftovers(javax.servlet.http.HttpServletRequest httpRequest)
Copied fromPentahoHttpSessionHelper.getPentahoSession(HttpServletRequest)
.void
setAllowSessionCreation(boolean allowSessionCreation)
void
setCallSetAuthenticatedForAnonymousUsers(boolean callSetAuthenticatedForAnonymousUsers)
void
setForceEagerSessionCreation(boolean forceEagerSessionCreation)
void
setSsoEnabled(boolean ssoEnabled)
-
-
-
Field Detail
-
callSetAuthenticatedForAnonymousUsers
protected boolean callSetAuthenticatedForAnonymousUsers
If true (the default), callIPentahoSession.setAuthenticated(String)
on newIPentahoSession
s where argument is value from/pentaho-system/anonymous-authentication/anonymous-user
frompentaho.xml
. Otherwise,IPentahoSession.setAuthenticated(String)
is not called. This is necessary for code that callsIPentahoSession.isAuthenticated()
in anonymous-only or mixed (i.e. anonymous and non-anonymous) environments. Even if not in anonymous or mixed environment, this can be true--access must still be given to anonymous users for URLs and ACLs--hence the default value of true.
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Does nothing. We use IoC container lifecycle services instead.- Specified by:
init
in interfacejavax.servlet.Filter
- Parameters:
filterConfig
- ignored- Throws:
javax.servlet.ServletException
- ignored
-
destroy
public void destroy()
Does nothing. We use IoC container lifecycle services instead.- Specified by:
destroy
in interfacejavax.servlet.Filter
-
afterPropertiesSet
public void afterPropertiesSet() throws Exception
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Throws:
Exception
-
generatePentahoSession
protected org.pentaho.platform.api.engine.IPentahoSession generatePentahoSession(javax.servlet.http.HttpServletRequest httpRequest)
-
localeLeftovers
protected void localeLeftovers(javax.servlet.http.HttpServletRequest httpRequest)
Copied fromPentahoHttpSessionHelper.getPentahoSession(HttpServletRequest)
. Not sure what locale code was doing there in the first place. TODO mlowery move this somewhere else
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
IOException
javax.servlet.ServletException
-
isAllowSessionCreation
public boolean isAllowSessionCreation()
-
setAllowSessionCreation
public void setAllowSessionCreation(boolean allowSessionCreation)
-
isForceEagerSessionCreation
public boolean isForceEagerSessionCreation()
-
setForceEagerSessionCreation
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
-
setCallSetAuthenticatedForAnonymousUsers
public void setCallSetAuthenticatedForAnonymousUsers(boolean callSetAuthenticatedForAnonymousUsers)
-
getAnonymousUser
protected String getAnonymousUser()
-
isSsoEnabled
public boolean isSsoEnabled()
Serves to identify if the server is using SSO for authentication. Iftrue
, it disables the session expire dialog in PUC. The default value isfalse
.
-
setSsoEnabled
public void setSsoEnabled(boolean ssoEnabled)
-
-