Package org.kuali.rice.krad.web.filter

Class UifSessionTimeoutFilter

java.lang.Object

org.kuali.rice.krad.web.filter.UifSessionTimeoutFilter

All Implemented Interfaces:

javax.servlet.Filter

public class UifSessionTimeoutFilter
extends Object
implements javax.servlet.Filter

Handles session timeouts for KRAD views based on the configured view session policy

IMPORTANT! In order to work correctly this filter should be the first filter invoked (even before the login filter)

Author:

Kuali Rice Team (rice.collab@kuali.org)

Constructor Summary

Constructors

Constructor	Description
UifSessionTimeoutFilter()

Method Summary

Modifier and Type	Method	Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filerChain)	Checks for a session timeout and if one has occurred pulls the view session policy to determine whether a redirect needs to happen
protected String	getRedirectUrl(ViewSessionPolicy sessionPolicy, javax.servlet.http.HttpServletRequest httpServletRequest)	Inspects the given view session policy to determine how the request should be redirected
protected ViewDictionaryService	getViewDictionaryService()	Retrieves implementation of the view dictionary service
protected String	getViewIdFromRequest(javax.servlet.http.HttpServletRequest request)	Attempts to resolve a view id from the given request
protected static ViewService	getViewService()
void	init(javax.servlet.FilterConfig filterConfig)
protected void	sendRedirect(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse, String redirectUrl)	Sends a redirect request either through the standard http redirect mechanism, or by sending back an Ajax response indicating a redirect should occur

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

UifSessionTimeoutFilter

public UifSessionTimeoutFilter()

Method Details

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
 javax.servlet.ServletResponse response,
 javax.servlet.FilterChain filerChain)
              throws IOException,
javax.servlet.ServletException

Checks for a session timeout and if one has occurred pulls the view session policy to determine whether a redirect needs to happen

To determine whether a session timeout has occurred, the filter looks for the existence of a request parameter named UifParameters.SESSION_ID. If found it then compares that id to the id on the current session. If they are different, or a session does not currently exist a timeout is assumed. In addition, if a request was made for a form key and the view has session storage enabled, a check is made to verify the form manager contains a session form. If not this is treated like a session timeout

If a timeout has occurred an attempt is made to resolve a view from the request (based on the view id or type parameters), then the associated ViewSessionPolicy is pulled which indicates how the timeout should be handled. This either results in doing a redirect or nothing

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

See Also:

• Filter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)

getViewIdFromRequest

protected String getViewIdFromRequest(javax.servlet.http.HttpServletRequest request)

Attempts to resolve a view id from the given request

First an attempt will be made to find the view id as a request parameter. If no such request parameter is found, the request will be looked at for view type information and a call will be made to the view service to find the view id by type

If a view id is found it is stuck in the request as an attribute (under the key UifParameters.VIEW_ID) for subsequent retrieval

Parameters:

request - instance to resolve view id for

Returns:

view id if one is found, null if not found

getRedirectUrl

protected String getRedirectUrl(ViewSessionPolicy sessionPolicy,
 javax.servlet.http.HttpServletRequest httpServletRequest)

Inspects the given view session policy to determine how the request should be redirected

The request will either be redirected to the application home, a custom URL, the same request URL but modified to call the sessionTimeout method, or a redirect to show the session timeout view

Parameters:

sessionPolicy - session policy instance to inspect

httpServletRequest - request instance for pulling parameters

Returns:

redirect URL or null if no redirect was configured

sendRedirect

protected void sendRedirect(javax.servlet.http.HttpServletRequest httpServletRequest,
 javax.servlet.http.HttpServletResponse httpServletResponse,
 String redirectUrl)
                     throws IOException

Sends a redirect request either through the standard http redirect mechanism, or by sending back an Ajax response indicating a redirect should occur

Parameters:

httpServletRequest - request instance the timeout occurred for

httpServletResponse - response object that redirect should occur on

redirectUrl - url to redirect to

Throws:

IOException

getViewService

protected static ViewService getViewService()

getViewDictionaryService

protected ViewDictionaryService getViewDictionaryService()

Retrieves implementation of the view dictionary service

Returns:

view dictionary service instance

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

See Also:

• Filter.destroy()