Announcement Announcement Module
Collapse
No announcement yet.
filtering on expired sessions Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • filtering on expired sessions

    greetings all,

    I work on a spring3.x/Hibernate/freemarker/Java webapp built up that has multiple flows, with each flow having mulitple states and views, some of which contain an email address field of the form:
    <@spring.formInput "xxxxx.userInformation.email" "onchange='updateEmail()'" />
    where xxxxx denotes numerous classes.

    I'm trying to set up a Spring Filter that will send a "thanks for visiting" email to the address entered in the field ONLY IF the session expires before the user moves on to the next state in the flow, and I could use some help. I've studied the Spring Security reference doc here

    Here's what I have so far:

    in my web.xml
    Code:
        <filter>
          <filter-name>ExpiredSessionFilterII</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          <init-param>
            <param-name>targetBeanName</param-name>
            <param-value>expiredSessionFilterII</param-value>
          </init-param> 
        </filter>
        
        <filter-mapping>
          <filter-name>ExpiredSessionFilterII</filter-name>
          <servlet-name>appServlet</servlet-name>
        </filter-mapping>
    in my servlet-context.xml
    Code:
    <!--  spring session management start -->
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
    
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="100" />
    </beans:bean>
    
    <beans:bean id="concurrencyFilter"  class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl"      value="/session-expired.htm" />
    </beans:bean>
    
    <http>
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <session-management session-authentication-strategy-ref="sas"/>
    </http>
    <!--  spring session management end-->
    and my filter itself
    Code:
    public class ExpiredSessionFilterII implements Filter
    {
    	private static final Logger logger = Logger.getLogger(ExpiredSessionFilterII.class);
    	
    	private FilterConfig filterConfig;
    	
    	private SessionInformation sessionInformation;
    	private ServletContext servletContext;
    //	private SecurityContextRepository repo = new SecurityContextRepository();
    	  
    	public void init(FilterConfig filterConfig) throws ServletException
    	{
      	   this.filterConfig = filterConfig;
    	}
    	 
    	public void destroy()
    	{
            this.filterConfig = null;
    	}
    	 
    	public void doFilter(
            ServletRequest request,
            ServletResponse response,
    	    FilterChain chain)
    	throws IOException, ServletException
        {
    		HttpServletRequest  httpRequest  = (HttpServletRequest)  request;
    		HttpServletResponse httpResponse = (HttpServletResponse) response;
    		String url = httpRequest.getServletPath();
    		HttpSession session = null;
    		
    		servletContext = this.filterConfig.getServletContext();
    
    		if( httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) {
    		    session = httpRequest.getSession(false);
    		    if( session == null) {
                           ......
                         }
                      }
           }
    }
    am I on the right track? Where do I go from here?


    TIA,

    Still-learning Steve
Working...
X