Package io.undertow.servlet.spec

Class SessionCookieConfigImpl

java.lang.Object
io.undertow.servlet.spec.SessionCookieConfigImpl
All Implemented Interfaces:
SessionConfig, SessionCookieConfig
public class SessionCookieConfigImpl extends Object implements SessionCookieConfig, SessionConfig
Author:
Stuart Douglas

  • Nested Class Summary

    Nested classes/interfaces inherited from interface io.undertow.server.session.SessionConfig

    SessionConfig.SessionCookieSource

  • Field Summary

    Fields inherited from interface io.undertow.server.session.SessionConfig

    ATTACHMENT_KEY

  • Constructor Summary

    Constructors
    Constructor
    Description
    SessionCookieConfigImpl(ServletContextImpl servletContext)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    clearSession(HttpServerExchange exchange, String sessionId)
    Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.
    String
    findSessionId(HttpServerExchange exchange)
    Retrieves a session id of an existing session from an exchange.
    String
    getAttribute(String name)
    Obtain the value for a given session cookie attribute.
    Map<String,String>
    getAttributes()
    Obtain the Map (keys are case insensitive) of all attributes and values, including those set via the attribute specific setters, (excluding version) for this SessionCookieConfig.
    String
    getComment()
    Deprecated.
    String
    getDomain()
    Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    SessionConfig
    getFallback()
     
    int
    getMaxAge()
    Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    String
    getName()
    Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    String
    getPath()
    Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    boolean
    isHttpOnly()
    Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
    boolean
    isSecure()
    Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
    String
    rewriteUrl(String originalUrl, String sessionid)
     
    SessionConfig.SessionCookieSource
    sessionCookieSource(HttpServerExchange exchange)
     
    void
    setAttribute(String name, String value)
    Sets the value for the given session cookie attribute.
    void
    setComment(String comment)
    Deprecated.
    void
    setDomain(String domain)
    Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    void
    setFallback(SessionConfig fallback)
     
    void
    setHttpOnly(boolean httpOnly)
    Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.
    void
    setMaxAge(int maxAge)
    Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    void
    setName(String name)
    Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    void
    setPath(String path)
    Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
    void
    setSecure(boolean secure)
    Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.
    void
    setSessionId(HttpServerExchange exchange, String sessionId)
    Attaches the session to the exchange.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SessionCookieConfigImpl

      public SessionCookieConfigImpl(ServletContextImpl servletContext)

  • Method Details

    • rewriteUrl

      public String rewriteUrl(String originalUrl, String sessionid)
      Specified by:
      rewriteUrl in interface SessionConfig

    • setSessionId

      public void setSessionId(HttpServerExchange exchange, String sessionId)
      Description copied from interface: SessionConfig
      Attaches the session to the exchange. The method should attach the exchange under an attachment key, and should also modify the exchange to allow the session to be re-attached on the next request.

      Generally this will involve setting a cookie

      Once a session has been attached it must be possible to retrieve it via SessionConfig.findSessionId(io.undertow.server.HttpServerExchange)

      Specified by:
      setSessionId in interface SessionConfig
      Parameters:
      exchange - The exchange
      sessionId - The session

    • clearSession

      public void clearSession(HttpServerExchange exchange, String sessionId)
      Description copied from interface: SessionConfig
      Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.
      Specified by:
      clearSession in interface SessionConfig
      Parameters:
      exchange - The exchange
      sessionId - The session id

    • findSessionId

      public String findSessionId(HttpServerExchange exchange)
      Description copied from interface: SessionConfig
      Retrieves a session id of an existing session from an exchange.
      Specified by:
      findSessionId in interface SessionConfig
      Parameters:
      exchange - The exchange
      Returns:
      The session id, or null

    • sessionCookieSource

      public SessionConfig.SessionCookieSource sessionCookieSource(HttpServerExchange exchange)
      Specified by:
      sessionCookieSource in interface SessionConfig

    • getName

      public String getName()
      Description copied from interface: SessionCookieConfig
      Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

      By default, JSESSIONID will be used as the cookie name.

      Specified by:
      getName in interface SessionCookieConfig
      Returns:
      the cookie name set via SessionCookieConfig.setName(java.lang.String), or null if SessionCookieConfig.setName(java.lang.String) was never called
      See Also:

    • setName

      public void setName(String name)
      Description copied from interface: SessionCookieConfig
      Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

      NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.

      Specified by:
      setName in interface SessionCookieConfig
      Parameters:
      name - the cookie name to use

    • getDomain

      public String getDomain()
      Description copied from interface: SessionCookieConfig
      Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      Specified by:
      getDomain in interface SessionCookieConfig
      Returns:
      the cookie domain set via SessionCookieConfig.setDomain(java.lang.String), or null if SessionCookieConfig.setDomain(java.lang.String) was never called
      See Also:

    • setDomain

      public void setDomain(String domain)
      Description copied from interface: SessionCookieConfig
      Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      Specified by:
      setDomain in interface SessionCookieConfig
      Parameters:
      domain - the cookie domain to use
      See Also:

    • getPath

      public String getPath()
      Description copied from interface: SessionCookieConfig
      Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

      By default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.

      Specified by:
      getPath in interface SessionCookieConfig
      Returns:
      the cookie path set via SessionCookieConfig.setPath(java.lang.String), or null if SessionCookieConfig.setPath(java.lang.String) was never called
      See Also:

    • setPath

      public void setPath(String path)
      Description copied from interface: SessionCookieConfig
      Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      Specified by:
      setPath in interface SessionCookieConfig
      Parameters:
      path - the cookie path to use
      See Also:

    • getComment

      @Deprecated public String getComment()
      Deprecated.
      Description copied from interface: SessionCookieConfig
      With the adoption of support for RFC 6265, this method should no longer be used.
      Specified by:
      getComment in interface SessionCookieConfig
      Returns:
      Always null
      See Also:

    • setComment

      @Deprecated public void setComment(String comment)
      Deprecated.
      Description copied from interface: SessionCookieConfig
      With the adoption of support for RFC 6265, this method should no longer be used.

      If called, this method has no effect.

      Specified by:
      setComment in interface SessionCookieConfig
      Parameters:
      comment - ignore
      See Also:

    • isHttpOnly

      public boolean isHttpOnly()
      Description copied from interface: SessionCookieConfig
      Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
      Specified by:
      isHttpOnly in interface SessionCookieConfig
      Returns:
      true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly, false otherwise
      See Also:

    • setHttpOnly

      public void setHttpOnly(boolean httpOnly)
      Description copied from interface: SessionCookieConfig
      Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.

      A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

      Specified by:
      setHttpOnly in interface SessionCookieConfig
      Parameters:
      httpOnly - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as HttpOnly, false otherwise
      See Also:

    • isSecure

      public boolean isSecure()
      Description copied from interface: SessionCookieConfig
      Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
      Specified by:
      isSecure in interface SessionCookieConfig
      Returns:
      true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they will be marked as secure only if the request that initiated the corresponding session was also secure
      See Also:

    • setSecure

      public void setSecure(boolean secure)
      Description copied from interface: SessionCookieConfig
      Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

      One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.

      Specified by:
      setSecure in interface SessionCookieConfig
      Parameters:
      secure - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they shall be marked as secure only if the request that initiated the corresponding session was also secure
      See Also:

    • getMaxAge

      public int getMaxAge()
      Description copied from interface: SessionCookieConfig
      Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

      By default, -1 is returned.

      Specified by:
      getMaxAge in interface SessionCookieConfig
      Returns:
      the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired, or -1 (the default)
      See Also:

    • setMaxAge

      public void setMaxAge(int maxAge)
      Description copied from interface: SessionCookieConfig
      Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      Specified by:
      setMaxAge in interface SessionCookieConfig
      Parameters:
      maxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      See Also:

    • getFallback

      public SessionConfig getFallback()

    • setFallback

      public void setFallback(SessionConfig fallback)

    • setAttribute

      public void setAttribute(String name, String value)
      Description copied from interface: SessionCookieConfig
      Sets the value for the given session cookie attribute. When a value is set via this method, the value returned by the attribute specific getter (if any) must be consistent with the value set via this method.
      Specified by:
      setAttribute in interface SessionCookieConfig
      Parameters:
      name - Name of attribute to set, case insensitive
      value - Value of attribute

    • getAttribute

      public String getAttribute(String name)
      Description copied from interface: SessionCookieConfig
      Obtain the value for a given session cookie attribute. Values returned from this method must be consistent with the values set and returned by the attribute specific getters and setters in this class.
      Specified by:
      getAttribute in interface SessionCookieConfig
      Parameters:
      name - Name of attribute to return, case insensitive
      Returns:
      Value of specified attribute

    • getAttributes

      public Map<String,String> getAttributes()
      Description copied from interface: SessionCookieConfig
      Obtain the Map (keys are case insensitive) of all attributes and values, including those set via the attribute specific setters, (excluding version) for this SessionCookieConfig.
      Specified by:
      getAttributes in interface SessionCookieConfig
      Returns:
      A read-only Map of attributes to values, excluding version.