me.geso.avans.session

Class DefaultWebSessionManager

java.lang.Object

me.geso.avans.session.DefaultWebSessionManager

All Implemented Interfaces:

WebSessionManager

public class DefaultWebSessionManager
extends Object
implements WebSessionManager

Constructor Summary

Constructors

Constructor and Description
DefaultWebSessionManager(javax.servlet.http.HttpServletRequest request, WebSessionStore sessionStore, SessionIDGenerator sessionIDGenerator, SessionCookieFactory sessionCookieFactory, XSRFTokenCookieFactory xsrfTokenCookieFactory)

Method Summary

Modifier and Type	Method and Description
void	changeSessionId() Change session ID. This method is required for defending from session fixation attack.
void	expire() Expire current session.
OptionalLong	getLong(String key) Get Long value from current Session.
String	getSessionId() Get sesion ID
Optional<String>	getString(String key) Get String value from current session.
String	getXSRFToken()
void	remove(String key) Remove data from the storage.
void	responseFilter(me.geso.webscrew.response.WebResponse response) This method may inject Cookie header to the session object.
void	setLong(String key, long value) Set Long value to the current session.
void	setString(String key, String value) Set String value to current session.
boolean	validateXSRFToken(String xsrfToken) Validate xsrf token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultWebSessionManager

public DefaultWebSessionManager(javax.servlet.http.HttpServletRequest request,
                                WebSessionStore sessionStore,
                                SessionIDGenerator sessionIDGenerator,
                                SessionCookieFactory sessionCookieFactory,
                                XSRFTokenCookieFactory xsrfTokenCookieFactory)

Method Detail

getSessionId

public String getSessionId()

Description copied from interface: WebSessionManager

Get sesion ID

Specified by:

getSessionId in interface WebSessionManager

setString

public void setString(String key,
                      String value)

Description copied from interface: WebSessionManager

Set String value to current session.

Specified by:

setString in interface WebSessionManager

setLong

public void setLong(String key,
                    long value)

Description copied from interface: WebSessionManager

Set Long value to the current session.

Specified by:

setLong in interface WebSessionManager

getString

public Optional<String> getString(String key)

Description copied from interface: WebSessionManager

Get String value from current session.

Specified by:

getString in interface WebSessionManager

Returns:

getLong

public OptionalLong getLong(String key)

Description copied from interface: WebSessionManager

Get Long value from current Session.

Specified by:

getLong in interface WebSessionManager

Returns:

remove

public void remove(String key)

Description copied from interface: WebSessionManager

Remove data from the storage.

Specified by:

remove in interface WebSessionManager

validateXSRFToken

public boolean validateXSRFToken(String xsrfToken)

Validate xsrf token.

Specified by:

validateXSRFToken in interface WebSessionManager

Parameters:

xsrfToken - xsrf token from http servlet request. This value is nullable.

Returns:

true if the xsrf token is valid or session doesn't have a previous data. false otherwise.

responseFilter

public void responseFilter(me.geso.webscrew.response.WebResponse response)

Description copied from interface: WebSessionManager

This method may inject Cookie header to the session object.

Specified by:

responseFilter in interface WebSessionManager

getXSRFToken

public String getXSRFToken()

Specified by:

getXSRFToken in interface WebSessionManager

expire

public void expire()

Description copied from interface: WebSessionManager

Expire current session. Session manager impl will remove the data from storage.

Specified by:

expire in interface WebSessionManager

changeSessionId

public void changeSessionId()

Description copied from interface: WebSessionManager

Change session ID.
This method is required for defending from session fixation attack.

Specified by:

changeSessionId in interface WebSessionManager