org.hyperic.hq.ui.security.ApiFilterSecurityInterceptor.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.hyperic.hq.ui.security.ApiFilterSecurityInterceptor.java

Introduction

Here is the source code for org.hyperic.hq.ui.security.ApiFilterSecurityInterceptor.java

Source

/**
 * NOTE: This copyright does *not* cover user programs that use HQ
 * program services by normal system calls through the application
 * program interfaces provided as part of the Hyperic Plug-in Development
 * Kit or the Hyperic Client Development Kit - this is merely considered
 * normal use of the program, and does *not* fall under the heading of
 *  "derived work".
 *
 *  Copyright (C) [2009-2012], VMware, Inc.
 *  This file is part of HQ.
 *
 *  HQ is free software; you can redistribute it and/or modify
 *  it under the terms version 2 of the GNU General Public License as
 *  published by the Free Software Foundation. This program is distributed
 *  in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 *  even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 *  PARTICULAR PURPOSE. See the GNU General Public License for more
 *  details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 *  USA.
 *
 */
package org.hyperic.hq.ui.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hyperic.hq.auth.shared.SessionManager;
import org.hyperic.hq.ui.util.RequestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

public class ApiFilterSecurityInterceptor extends FilterSecurityInterceptor {
    private final SessionManager _sessionManager;
    private final Log log = LogFactory.getLog(ApiFilterSecurityInterceptor.class);

    @Autowired
    public ApiFilterSecurityInterceptor(SessionManager sessionManager) {
        _sessionManager = sessionManager;
    }

    @Override
    public void invoke(FilterInvocation fi) throws IOException, ServletException {
        super.invoke(fi);
        //For API calls, invalidate the session after the request ends
        try {
            //TODO: [HHQ-5412] Guys 9/2/2012: temporary support for http client reuse in app-insight  
            final HttpServletRequest request = fi.getHttpRequest();
            if (!RequestUtils.isStatefulHttpSession(request)) {
                int sessId = RequestUtils.getSessionIdInt(request);
                _sessionManager.invalidate(sessId);
            } //EO if stateless session 
            else if (log.isDebugEnabled()) {
                log.debug("Session " + RequestUtils.getSessionIdInt(request) + " is stateful, leaving active.");
            } //EO else if 
        } catch (Exception e) {
            log.warn("Error invalidating the user associated with this session: " + e.getMessage());
        }
    }

}