List of usage examples for org.apache.shiro.web.servlet ShiroHttpServletRequest REFERENCED_SESSION_ID_SOURCE
String REFERENCED_SESSION_ID_SOURCE
To view the source code for org.apache.shiro.web.servlet ShiroHttpServletRequest REFERENCED_SESSION_ID_SOURCE.
Click Source Link
From source file:com.fengduo.spark.commons.shiro.session.SessionManager.java
License:Open Source License
@Override protected Serializable getSessionId(ServletRequest request, ServletResponse response) { // ??__sid??sid? http://localhost/project?__sid=xxx&__cookie=true String sid = request.getParameter("__sid"); if (StringUtils.isNotBlank(sid)) { // ?sid?cookie??? if (WebUtils.isTrue(request, "__cookie")) { HttpServletRequest rq = (HttpServletRequest) request; HttpServletResponse rs = (HttpServletResponse) response; Cookie template = getSessionIdCookie(); Cookie cookie = new SimpleCookie(template); cookie.setValue(sid);/*ww w . j a v a2 s .c o m*/ cookie.saveTo(rq, rs); } // ?session? request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); // session??url request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sid); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); return sid; } else { return super.getSessionId(request, response); } }
From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManager.java
License:Open Source License
@Override protected void onStart(Session session, SessionContext context) { if (!WebUtils.isHttp(context)) { log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " + "pair. No session ID cookie will be set."); return;/*from w w w. j ava2 s. com*/ } HttpServletRequest request = WebUtils.getHttpRequest(context); HttpServletResponse response = WebUtils.getHttpResponse(context); if (isSessionIdCookieEnabled(request, response)) { Serializable sessionId = session.getId(); storeSessionId(sessionId, request, response); } else { log.debug("Session ID cookie is disabled. No cookie has been set for new session with id {}", session.getId()); } request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE); request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE); }
From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManager.java
License:Open Source License
private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) { String id = getSessionIdCookieValue(request, response); if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE); } else {/*ww w .j a v a 2 s .c om*/ // not in a cookie, or cookie is disabled - try the request params as a fallback (i.e. URL rewriting): id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME); if (id == null) { // try lowercase: id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase()); } if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); } } if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id); // automatically mark it valid here. If it is invalid, the // onUnknownSession method below will be invoked and we'll remove the attribute at that time. request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); } return id; }