public class HttpSessionPentahoSessionIntegrationFilter extends Object implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
PentahoSessionHolder
with information obtained from the HttpSession
.
Originally this functionality existed in PentahoHttpRequestListener but has been moved here. Javadoc for that class:
In a J2EE environment, sets the Hitachi Vantara session statically per request so the session can be retrieved by other consumers within the same request without having it passed to them explicitly. -- aphillips
There are two reasons that this is a Filter
and not a ServletRequestListener
:
This implementation is based on org.springframework.security.context.HttpSessionContextIntegrationFilter
.
The HttpSession
will be queried to retrieve the IPentahoSession
that should be stored
against the PentahoSessiontHolder
for the duration of the web request. At the end of the web request,
any updates made to the PentahoSessionHolder
will be persisted back to the HttpSession
by
this filter.
HttpSession
will be created by this filter if one does not already exist. If at the end of the web
request the HttpSession
does not exist, a HttpSession
will only be created if the
current Hitachi Vantara session in PentahoSessionHolder
is not null. This avoids needless
HttpSession
creation, but automates the storage of changes made to the PentahoSessionHolder
. There is one exception to this rule, that is if the forceEagerSessionCreation
property is
true
, in which case sessions will always be created irrespective of normal session-minimization logic
(the default is false
, as this is resource intensive and not recommended).
This filter will only execute once per request, to resolve servlet container (specifically Weblogic)
incompatibilities.
If for whatever reason no HttpSession
should ever be created (eg this filter is only being used
with Basic authentication or similar clients that will never present the same jsessionid
etc), the
setAllowSessionCreation(boolean)
should be set to false
. Only do this if you really need to
conserve server memory and ensure all classes using the PentahoSessionHolder
are designed to have no
persistence of the Hitachi Vantara session between web requests. Please note that if forceEagerSessionCreation
is
true
, the allowSessionCreation
must also be true
(setting it to
false
will cause a startup time error).
This filter MUST be executed BEFORE any code that expects the PentahoSessionHolder
to contain a valid
IPentahoSession
by the time they execute.
Modifier and Type | Field and Description |
---|---|
protected boolean |
callSetAuthenticatedForAnonymousUsers
If true (the default), call
IPentahoSession.setAuthenticated(String) on new IPentahoSession s where
argument is value from /pentaho-system/anonymous-authentication/anonymous-user from pentaho.xml . |
Constructor and Description |
---|
HttpSessionPentahoSessionIntegrationFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
void |
destroy()
Does nothing.
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected org.pentaho.platform.api.engine.IPentahoSession |
generatePentahoSession(javax.servlet.http.HttpServletRequest httpRequest) |
protected String |
getAnonymousUser() |
void |
init(javax.servlet.FilterConfig filterConfig)
Does nothing.
|
boolean |
isAllowSessionCreation() |
boolean |
isForceEagerSessionCreation() |
boolean |
isSsoEnabled()
Serves to identify if the server is using SSO for authentication.
|
protected void |
localeLeftovers(javax.servlet.http.HttpServletRequest httpRequest)
Copied from
PentahoHttpSessionHelper.getPentahoSession(HttpServletRequest) . |
void |
setAllowSessionCreation(boolean allowSessionCreation) |
void |
setCallSetAuthenticatedForAnonymousUsers(boolean callSetAuthenticatedForAnonymousUsers) |
void |
setForceEagerSessionCreation(boolean forceEagerSessionCreation) |
void |
setSsoEnabled(boolean ssoEnabled) |
protected boolean callSetAuthenticatedForAnonymousUsers
IPentahoSession.setAuthenticated(String)
on new IPentahoSession
s where
argument is value from /pentaho-system/anonymous-authentication/anonymous-user
from pentaho.xml
.
Otherwise, IPentahoSession.setAuthenticated(String)
is not called. This is necessary for code that calls
IPentahoSession.isAuthenticated()
in anonymous-only or mixed (i.e. anonymous and non-anonymous)
environments. Even if not in anonymous or mixed environment, this can be true--access must still be given to
anonymous users for URLs and ACLs--hence the default value of true.public HttpSessionPentahoSessionIntegrationFilter()
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
filterConfig
- ignoredjavax.servlet.ServletException
- ignoredpublic void destroy()
destroy
in interface javax.servlet.Filter
public void afterPropertiesSet() throws Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
Exception
protected org.pentaho.platform.api.engine.IPentahoSession generatePentahoSession(javax.servlet.http.HttpServletRequest httpRequest)
protected void localeLeftovers(javax.servlet.http.HttpServletRequest httpRequest)
PentahoHttpSessionHelper.getPentahoSession(HttpServletRequest)
. Not sure what locale code was
doing there in the first place. TODO mlowery move this somewhere elsepublic void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public boolean isAllowSessionCreation()
public void setAllowSessionCreation(boolean allowSessionCreation)
public boolean isForceEagerSessionCreation()
public void setForceEagerSessionCreation(boolean forceEagerSessionCreation)
public void setCallSetAuthenticatedForAnonymousUsers(boolean callSetAuthenticatedForAnonymousUsers)
protected String getAnonymousUser()
public boolean isSsoEnabled()
true
, it disables the session
expire dialog in PUC. The default value is false
.public void setSsoEnabled(boolean ssoEnabled)
Copyright © 2019 Hitachi Vantara. All rights reserved.