Package org.apache.shiro.web.servlet

Class ShiroHttpServletResponse

java.lang.Object
javax.servlet.ServletResponseWrapper
javax.servlet.http.HttpServletResponseWrapper
org.apache.shiro.web.servlet.ShiroHttpServletResponse
All Implemented Interfaces:
javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
public class ShiroHttpServletResponse extends javax.servlet.http.HttpServletResponseWrapper
HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.

It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions.

Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.

Since:
0.2

  • Field Summary

    Fields inherited from interface javax.servlet.http.HttpServletResponse

    SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

  • Constructor Summary

    Constructors
    Constructor
    Description
    ShiroHttpServletResponse(javax.servlet.http.HttpServletResponse wrapped, javax.servlet.ServletContext context, ShiroHttpServletRequest request)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    encodeRedirectUrl(String s)
    Deprecated.
    String
    encodeRedirectURL(String url)
    Encode the session identifier associated with this response into the specified redirect URL, if necessary.
    String
    encodeUrl(String s)
    Deprecated.
    String
    encodeURL(String url)
    Encode the session identifier associated with this response into the specified URL, if necessary.
    javax.servlet.ServletContext
    getContext()
     
    ShiroHttpServletRequest
    getRequest()
     
    protected boolean
    isEncodeable(String location)
    Return true if the specified URL should be encoded with a session identifier.
    static boolean
    isSchemeChar(char c)
    Determine if the character is allowed in the scheme of a URI.
    void
    setContext(javax.servlet.ServletContext context)
     
    void
    setRequest(ShiroHttpServletRequest request)
     
    protected String
    toEncoded(String url, String sessionId)
    Return the specified URL with the specified session identifier suitably encoded.

    Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

    addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields

    Methods inherited from class javax.servlet.ServletResponseWrapper

    flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getResponse, getWriter, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.servlet.ServletResponse

    flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale

  • Constructor Details

  • Method Details

    • getContext

      public javax.servlet.ServletContext getContext()

    • setContext

      public void setContext(javax.servlet.ServletContext context)

    • getRequest

      public ShiroHttpServletRequest getRequest()

    • setRequest

      public void setRequest(ShiroHttpServletRequest request)

    • encodeRedirectURL

      public String encodeRedirectURL(String url)
      Encode the session identifier associated with this response into the specified redirect URL, if necessary.
      Specified by:
      encodeRedirectURL in interface javax.servlet.http.HttpServletResponse
      Overrides:
      encodeRedirectURL in class javax.servlet.http.HttpServletResponseWrapper
      Parameters:
      url - URL to be encoded

    • encodeRedirectUrl

      @Deprecated public String encodeRedirectUrl(String s)
      Deprecated.
      Specified by:
      encodeRedirectUrl in interface javax.servlet.http.HttpServletResponse
      Overrides:
      encodeRedirectUrl in class javax.servlet.http.HttpServletResponseWrapper

    • encodeURL

      public String encodeURL(String url)
      Encode the session identifier associated with this response into the specified URL, if necessary.
      Specified by:
      encodeURL in interface javax.servlet.http.HttpServletResponse
      Overrides:
      encodeURL in class javax.servlet.http.HttpServletResponseWrapper
      Parameters:
      url - URL to be encoded

    • encodeUrl

      @Deprecated public String encodeUrl(String s)
      Deprecated.
      Specified by:
      encodeUrl in interface javax.servlet.http.HttpServletResponse
      Overrides:
      encodeUrl in class javax.servlet.http.HttpServletResponseWrapper

    • isEncodeable

      protected boolean isEncodeable(String location)
      Return true if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:
      • The request we are responding to asked for a valid session
      • The requested session ID was not received via a cookie
      • The specified URL points back to somewhere within the web application that is responding to this request
      Parameters:
      location - Absolute URL to be validated
      Returns:
      true if the specified URL should be encoded with a session identifier, false otherwise.

    • isSchemeChar

      public static boolean isSchemeChar(char c)
      Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1
      Parameters:
      c - the character to check
      Returns:
      true if the character is allowed in a URI scheme, false otherwise.

    • toEncoded

      protected String toEncoded(String url, String sessionId)
      Return the specified URL with the specified session identifier suitably encoded.
      Parameters:
      url - URL to be encoded with the session id
      sessionId - Session id to be included in the encoded URL
      Returns:
      the url with the session identifier properly encoded.