org.apache.shiro.web.servlet

Class ShiroHttpServletResponse


  • public class ShiroHttpServletResponse
extends HttpServletResponseWrapper
    HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.

    It is only used when using Shiro's native Session Management configuration (and not when using the Servlet Container session configuration, which is Shiro's default in a web environment). Because the servlet container already performs url encoding of its own session ids, instances of this class are only needed when using Shiro native sessions.

    Note that this implementation relies in part on source code from the Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all regular licenses and conditions have remained in tact.
    Since:
    0.2

    • Constructor Detail

      • ShiroHttpServletResponse

        public ShiroHttpServletResponse(HttpServletResponse wrapped,
                                ServletContext context,
                                ShiroHttpServletRequest request)

    • Method Detail

      • getContext

        public ServletContext getContext()

      • setContext

        public void setContext(ServletContext context)

      • encodeRedirectURL

        public String encodeRedirectURL(String url)
        Encode the session identifier associated with this response into the specified redirect URL, if necessary.
        Parameters:
        url - URL to be encoded

      • encodeRedirectUrl

        public String encodeRedirectUrl(String s)

      • encodeURL

        public String encodeURL(String url)
        Encode the session identifier associated with this response into the specified URL, if necessary.
        Parameters:
        url - URL to be encoded

      • isEncodeable

        protected boolean isEncodeable(String location)
        Return true if the specified URL should be encoded with a session identifier. This will be true if all of the following conditions are met:
        • The request we are responding to asked for a valid session
        • The requested session ID was not received via a cookie
        • The specified URL points back to somewhere within the web application that is responding to this request
        Parameters:
        location - Absolute URL to be validated
        Returns:
        true if the specified URL should be encoded with a session identifier, false otherwise.

      • isSchemeChar

        public static boolean isSchemeChar(char c)
        Determine if the character is allowed in the scheme of a URI. See RFC 2396, Section 3.1
        Parameters:
        c - the character to check
        Returns:
        true if the character is allowed in a URI scheme, false otherwise.

      • toEncoded

        protected String toEncoded(String url,
                           String sessionId)
        Return the specified URL with the specified session identifier suitably encoded.
        Parameters:
        url - URL to be encoded with the session id
        sessionId - Session id to be included in the encoded URL
        Returns:
        the url with the session identifer properly encoded.