Package org.silverpeas.web.token

Class SessionSynchronizerTokenValidator

java.lang.Object

org.silverpeas.web.token.SessionSynchronizerTokenValidator

All Implemented Interfaces:

javax.servlet.Filter

public class SessionSynchronizerTokenValidator
extends Object
implements javax.servlet.Filter

A validator of a session token for each incoming request. For each protected web resources, the requests are expected to carry a synchronizer token that must match the token mapped with the user session. The request validation is in fact delegated to a SynchronizerTokenService instance; this object just process the status of the validation.

Author:

mmoquillon

Constructor Summary

Constructors

Constructor	Description
SessionSynchronizerTokenValidator()

Method Summary

Modifier and Type	Method	Description
void	destroy()	Destroy method for this filter.
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)	Validates the incoming request is performed within a valid user session.
void	init(javax.servlet.FilterConfig filterConfig)	Init method for this filter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SessionSynchronizerTokenValidator

public SessionSynchronizerTokenValidator()

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Validates the incoming request is performed within a valid user session.

If the request isn't sent within an opened user session, then the user is redirected to the authentication page.

If the request is sent within an opened user session but it doesn't carry a valid session synchronizer token, then it is rejected and a forbidden status is sent back.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

request - The servlet request to validate.

response - The servlet response to sent back.

chain - The filter chain we are processing

Throws:

IOException - if an input/output error occurs

javax.servlet.ServletException - if a servlet error occurs

destroy

public void destroy()

Destroy method for this filter.

Specified by:

destroy in interface javax.servlet.Filter

init

public void init(javax.servlet.FilterConfig filterConfig)

Init method for this filter

Specified by:

init in interface javax.servlet.Filter

Parameters:

filterConfig - the configuration of this filter.