Package org.pentaho.platform.web.http.filters

Class HttpSessionPentahoSessionIntegrationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
    public class HttpSessionPentahoSessionIntegrationFilter
extends Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean
    Populates the PentahoSessionHolder with information obtained from the HttpSession.

    Originally this functionality existed in PentahoHttpRequestListener but has been moved here. Javadoc for that class:

    In a J2EE environment, sets the Hitachi Vantara session statically per request so the session can be retrieved by other consumers within the same request without having it passed to them explicitly. -- aphillips

    There are two reasons that this is a Filter and not a ServletRequestListener:

    • Filters are compatible with Servlet 2.3 web applications.
    • Filters can be ordered.

    This implementation is based on org.springframework.security.context.HttpSessionContextIntegrationFilter.

    The HttpSession will be queried to retrieve the IPentahoSession that should be stored against the PentahoSessiontHolder for the duration of the web request. At the end of the web request, any updates made to the PentahoSessionHolder will be persisted back to the HttpSession by this filter.

    No HttpSession will be created by this filter if one does not already exist. If at the end of the web request the HttpSession does not exist, a HttpSession will only be created if the current Hitachi Vantara session in PentahoSessionHolder is not null. This avoids needless HttpSession creation, but automates the storage of changes made to the PentahoSessionHolder . There is one exception to this rule, that is if the forceEagerSessionCreation property is true, in which case sessions will always be created irrespective of normal session-minimization logic (the default is false, as this is resource intensive and not recommended).

    This filter will only execute once per request, to resolve servlet container (specifically Weblogic) incompatibilities.

    If for whatever reason no HttpSession should ever be created (eg this filter is only being used with Basic authentication or similar clients that will never present the same jsessionid etc), the setAllowSessionCreation(boolean) should be set to false. Only do this if you really need to conserve server memory and ensure all classes using the PentahoSessionHolder are designed to have no persistence of the Hitachi Vantara session between web requests. Please note that if forceEagerSessionCreation is true, the allowSessionCreation must also be true (setting it to false will cause a startup time error).

    This filter MUST be executed BEFORE any code that expects the PentahoSessionHolder to contain a valid IPentahoSession by the time they execute.

    • Field Detail

      • callSetAuthenticatedForAnonymousUsers

        protected boolean callSetAuthenticatedForAnonymousUsers
        If true (the default), call IPentahoSession.setAuthenticated(String) on new IPentahoSessions where argument is value from /pentaho-system/anonymous-authentication/anonymous-user from pentaho.xml. Otherwise, IPentahoSession.setAuthenticated(String) is not called. This is necessary for code that calls IPentahoSession.isAuthenticated() in anonymous-only or mixed (i.e. anonymous and non-anonymous) environments. Even if not in anonymous or mixed environment, this can be true--access must still be given to anonymous users for URLs and ACLs--hence the default value of true.

    • Constructor Detail

      • HttpSessionPentahoSessionIntegrationFilter

        public HttpSessionPentahoSessionIntegrationFilter()

    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
        Does nothing. We use IoC container lifecycle services instead.
        Specified by:
        init in interface javax.servlet.Filter
        Parameters:
        filterConfig - ignored
        Throws:
        javax.servlet.ServletException - ignored

      • destroy

        public void destroy()
        Does nothing. We use IoC container lifecycle services instead.
        Specified by:
        destroy in interface javax.servlet.Filter

      • afterPropertiesSet

        public void afterPropertiesSet()
                        throws Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        Exception

      • generatePentahoSession

        protected org.pentaho.platform.api.engine.IPentahoSession generatePentahoSession​(javax.servlet.http.HttpServletRequest httpRequest)

      • localeLeftovers

        protected void localeLeftovers​(javax.servlet.http.HttpServletRequest httpRequest)
        Copied from PentahoHttpSessionHelper.getPentahoSession(HttpServletRequest). Not sure what locale code was doing there in the first place. TODO mlowery move this somewhere else

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException

      • isAllowSessionCreation

        public boolean isAllowSessionCreation()

      • setAllowSessionCreation

        public void setAllowSessionCreation​(boolean allowSessionCreation)

      • isForceEagerSessionCreation

        public boolean isForceEagerSessionCreation()

      • setForceEagerSessionCreation

        public void setForceEagerSessionCreation​(boolean forceEagerSessionCreation)

      • setCallSetAuthenticatedForAnonymousUsers

        public void setCallSetAuthenticatedForAnonymousUsers​(boolean callSetAuthenticatedForAnonymousUsers)

      • getAnonymousUser

        protected String getAnonymousUser()

      • isSsoEnabled

        public boolean isSsoEnabled()
        Serves to identify if the server is using SSO for authentication. If true, it disables the session expire dialog in PUC. The default value is false.

      • setSsoEnabled

        public void setSsoEnabled​(boolean ssoEnabled)