Class SessionFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
de.hybris.platform.servicelayer.web.SessionFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SessionFilter extends org.springframework.web.filter.GenericFilterBean
This filters takes care of the session handling. Right now it still uses some Jalo classes in order to achieve this goal but in the future the complete session handling will be done "inside" the ServiceLayer.
  • Field Details

  • Constructor Details

    • SessionFilter

      public SessionFilter()
  • Method Details

    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws IOException, javax.servlet.ServletException
      Before the filterChain gets processed the method activateSession(HttpSession, HttpServletRequest) gets called. After the processing of the filterChain the method deactivateSession(HttpSession) gets called.
      Parameters:
      request - the request
      response - the response
      filterChain - the filterChain
      Throws:
      IOException
      javax.servlet.ServletException
    • isSessionSerializationCheckEnabled

      protected boolean isSessionSerializationCheckEnabled(javax.servlet.http.HttpServletRequest httpRequest)
    • isSessionSerializationEnabled

      protected Boolean isSessionSerializationEnabled(javax.servlet.http.HttpServletRequest request)
    • isExtensionEnabledForSessionChecking

      protected boolean isExtensionEnabledForSessionChecking(javax.servlet.http.HttpServletRequest request)
    • assureAllSessionAttributesAreSerializable

      protected void assureAllSessionAttributesAreSerializable(javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpSession httpSession)
    • activateSession

      protected void activateSession(javax.servlet.http.HttpSession httpSession, javax.servlet.http.HttpServletRequest request)
      This methods first checks, if there is already a Session (JaloSession right now) attached to the httpSession. If there is a attached session, this session will be activated, if there is no attached session, a new session will be created by calling SessionService.createNewSession() and the new session get assigned to the httpSession and the httpSessionId get set on the JaloSession.
      Parameters:
      httpSession - the session which is used
    • deactivateSession

      protected void deactivateSession(javax.servlet.http.HttpSession httpSession)
      Deactivates the current JaloSession by calling JaloSession.deactivate().
      Parameters:
      httpSession - only used for logging purpose right now
    • setSessionService

      public void setSessionService(SessionService sessionService)
    • setStaleSessionSupport

      public void setStaleSessionSupport(StaleSessionSupport staleSessionSupport)
    • getStaleSessionSupport

      public StaleSessionSupport getStaleSessionSupport()
    • afterPropertiesSet

      public void afterPropertiesSet() throws javax.servlet.ServletException
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Overrides:
      afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
      Throws:
      javax.servlet.ServletException