Re: Session Strategy

Thu, 20 Jan 2005 10:07:11 -0800 

package com.crackwillow.filter;

import java.io.IOException;
import java.io.PrintStream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.crackwillow.constant.SiteConstant;
import com.crackwillow.log.StdOut;

public class SessionExpireFilter
    implements Filter {
  private static final String       REDIRECT     = "redirect";
  private static final String       HTTP         = "http";
  private static       boolean      no_init      = true;
  private              FilterConfig filterConfig;
  private              String       redirect;

  public SessionExpireFilter()
  {
    redirect = null;
  }

  public void init(FilterConfig filterConfig)
      throws ServletException {
    filterConfig = filterConfig;
    no_init      = false;
    initRoute();
  }

  public void destroy() {
    filterConfig = null;
  }

  public FilterConfig getFilterConfig() {
    return filterConfig;
  }

  public void setFilterConfig(FilterConfig filterConfig) {
    if(no_init) {
      filterConfig = filterConfig;
      initRoute();
      no_init      = false;
    }
  }

  public void doFilter(ServletRequest request,
                       ServletResponse response,
                       FilterChain filterChain)
      throws IOException,
             ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest)request;
    HttpSession        httpSession = httpRequest.getSession(false);

    if(httpSession == null ||
      httpRequest.getRequestedSessionId() == null ||
      redirect == null) {
      filterChain.doFilter(request, response);
    } else {
      String sessionId = httpSession.getId();
      if(sessionId.equals(httpRequest.getRequestedSessionId())) {
        filterChain.doFilter(request, response);
      } else {
        HttpServletResponse httpResponse = (HttpServletResponse)response;
        ServletContext servletContext = filterConfig.getServletContext();
        if(getRedirect(redirect)) {
          httpResponse.sendRedirect(redirect);
        } else {
          RequestDispatcher requestDispatcher =
servletContext.getRequestDispatcher(redirect);
          requestDispatcher.forward(request, response);
        }
      }
    }
  }

  public void initRoute() {
    ServletContext servletContext = filterConfig.getServletContext();
    redirect = filterConfig.getInitParameter(REDIRECT);
    if(redirect == null) {
      StdOut.log(SiteConstant.ERROR_LOG,"The variable redirect in
SessionExpireFilter is not set.");
    }
  }

  private boolean getRedirect(String redirectURL) {
    int i = redirectURL.indexOf(":");
    if(i <= 0) {
      return false;
    } else {
      return redirectURL.substring(0,
i).toUpperCase().toLowerCase().startsWith(HTTP);
    }
  }
}

/*
<filter>
  <filter-name>SessionExpireFilter</filter-name>
  <filter-class>com.crackwillow.filter.SessionExpireFilter</filter-class>
  <init-param>
  <param-name>redirect</param-name>
  <param-value>/index.jsp</param-value>
  </init-param>
</filter>

c) describe a mapping for this filter in web.xml. E.g.:

<filter-mapping>
  <filter-name>SessionExpireFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
*/


Jack


On Thu, 20 Jan 2005 03:40:12 +0000, Jim Douglas <[EMAIL PROTECTED]> wrote:
> To all,
> 
>   I have a web application that sets a session attribute with userID and a
> timeout in the config file that times out after 5 minutes in case the user
> walks away.
> 
> I am trying to figure out the best strategy to deal with cases where the
> user comes back after 5 minutes and clicks on a button anywhere in the app
> that requires that attribute that just expitred to have a valid value.
> 
> Should I,
> 
> 1> Put code like this in the JSP,
> 
> <c:if test="${sessionScope.userID eq 'null'}">
>   forward to login page....
> </c:if>
> 
> 2> Or should I just put all the code in the class files, something like
> this,
> 
>          Integer userID =
> (Integer)request.getSession().getAttribute("userID");
>          if (userID==null){
>              return mapping.findForward("failure");
>          }
> 
> Or
> 3> ?? I'm open to suggestions!
> 
> Thanks,
> Jim
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


-- 
------------------------------

"You can lead a horse to water but you cannot make it float on its back."

~Dakota Jack~

"You can't wake a person who is pretending to be asleep."

~Native Proverb~

"Each man is good in His sight. It is not necessary for eagles to be crows."

~Hunkesni (Sitting Bull), Hunkpapa Sioux~

-----------------------------------------------

"This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based
on this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation."

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to