Announcement Announcement Module
No announcement yet.
filtering on expired sessions Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • filtering on expired sessions

    greetings all,

    I work on a spring3.x/Hibernate/freemarker/Java webapp built up that has multiple flows, with each flow having mulitple states and views, some of which contain an email address field of the form:
    <@spring.formInput "" "onchange='updateEmail()'" />
    where xxxxx denotes numerous classes.

    I'm trying to set up a Spring Filter that will send a "thanks for visiting" email to the address entered in the field ONLY IF the session expires before the user moves on to the next state in the flow, and I could use some help. I've studied the Spring Security reference doc here

    Here's what I have so far:

    in my web.xml
    in my servlet-context.xml
    <!--  spring session management start -->
    <beans:bean id="sessionRegistry" class="" />
    <beans:bean id="sas" class="">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="100" />
    <beans:bean id="concurrencyFilter"  class="">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl"      value="/session-expired.htm" />
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <session-management session-authentication-strategy-ref="sas"/>
    <!--  spring session management end-->
    and my filter itself
    public class ExpiredSessionFilterII implements Filter
    	private static final Logger logger = Logger.getLogger(ExpiredSessionFilterII.class);
    	private FilterConfig filterConfig;
    	private SessionInformation sessionInformation;
    	private ServletContext servletContext;
    //	private SecurityContextRepository repo = new SecurityContextRepository();
    	public void init(FilterConfig filterConfig) throws ServletException
      	   this.filterConfig = filterConfig;
    	public void destroy()
            this.filterConfig = null;
    	public void doFilter(
            ServletRequest request,
            ServletResponse response,
    	    FilterChain chain)
    	throws IOException, ServletException
    		HttpServletRequest  httpRequest  = (HttpServletRequest)  request;
    		HttpServletResponse httpResponse = (HttpServletResponse) response;
    		String url = httpRequest.getServletPath();
    		HttpSession session = null;
    		servletContext = this.filterConfig.getServletContext();
    		if( httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) {
    		    session = httpRequest.getSession(false);
    		    if( session == null) {
    am I on the right track? Where do I go from here?


    Still-learning Steve