net.webpasswordsafe.server.ServerSessionUtil.java Source code

Introduction

Here is the source code for net.webpasswordsafe.server.ServerSessionUtil.java

Source

/*
Copyright 2010-2015 Josh Drummond
    
This file is part of WebPasswordSafe.
    
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
    
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
    
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
package net.webpasswordsafe.server;

import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.webpasswordsafe.common.util.Constants;
import net.webpasswordsafe.common.util.Constants.Role;
import org.gwtwidgets.server.spring.ServletUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/**
 * Utilities to access current server session information
 * 
 * @author Josh Drummond
 *
 */
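public class ServerSessionUtil {
    // Fallback storage, consulted only when no servlet request is bound to the calling thread
    // (getRequest() returns null). While a request is bound, the HTTP session is the single
    // source of truth and these holders are not written: request worker threads are typically
    // pooled by the container, so an identity cached here during one request could otherwise be
    // read back later on the same thread on behalf of a different caller.
    private static final ThreadLocal<String> usernameRef = new ThreadLocal<String>();
    private static final ThreadLocal<Set<Role>> rolesRef = new ThreadLocal<Set<Role>>();
    private static final ThreadLocal<String> ipRef = new ThreadLocal<String>();

    /**
     * Invalidates the HTTP session of the current request, if there is one, and clears the
     * thread-local username and roles held by this class.
     *
     * No session is created just to be invalidated: when the request carries no session,
     * only the thread-local identity is cleared.
     */
    public static void invalidateSession() {
        HttpServletRequest request = getRequest();
        if (request != null) {
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }
        // Logout must not leave an identity behind on this thread.
        usernameRef.remove();
        rolesRef.remove();
    }

    /**
     * Returns the username stored in the current HTTP session under
     * {@code Constants.SESSION_KEY_USERNAME}.
     *
     * When no request is bound to the thread, the value last passed to
     * {@link #setUsername(String)} on this thread is returned instead.
     * Calling this with a bound request creates a session if none exists yet.
     *
     * @return the username, or {@code null} if none is set
     */
    public static String getUsername() {
        HttpServletRequest request = getRequest();
        if (request == null) {
            return usernameRef.get();
        }
        return (String) request.getSession().getAttribute(Constants.SESSION_KEY_USERNAME);
    }

    /**
     * Returns the roles stored in the current HTTP session under
     * {@code Constants.SESSION_KEY_ROLES}.
     *
     * When no request is bound to the thread, the value last passed to
     * {@link #setRoles(Set)} on this thread is returned instead.
     *
     * @return the role set, or {@code null} if none is set
     */
    @SuppressWarnings("unchecked")
    public static Set<Role> getRoles() {
        HttpServletRequest request = getRequest();
        if (request == null) {
            return rolesRef.get();
        }
        // Unchecked: the session stores a plain Object; setRoles(Set) is the only writer in this class.
        return (Set<Role>) request.getSession().getAttribute(Constants.SESSION_KEY_ROLES);
    }

    /**
     * Returns the remote address of the current request, or the value given to
     * {@link #setIP(String)} on this thread when no request is bound.
     *
     * NOTE(review): getRemoteAddr() reports the immediate peer. Behind a reverse proxy or
     * load balancer that is presumably the proxy's address, which matters if this value
     * feeds audit logs or IP-based checks - confirm against the deployment.
     *
     * @return the client address, or {@code null} if none is known
     */
    public static String getIP() {
        HttpServletRequest request = getRequest();
        if (request == null) {
            return ipRef.get();
        }
        return request.getRemoteAddr();
    }

    /**
     * Stores an address for this thread. It is only returned by {@link #getIP()} when no
     * request is bound; a bound request always reports its own remote address.
     *
     * @param ip the address to remember for the calling thread
     */
    public static void setIP(String ip) {
        ipRef.set(ip);
    }

    /**
     * Stores the username in the current HTTP session, or removes it when {@code username}
     * is {@code null}. Without a bound request the value is kept for the calling thread only.
     *
     * NOTE(review): this method does not change the session id. Whether the login path
     * renews the session before calling it is not visible in this class - confirm, since
     * keeping a pre-login session id across authentication permits session fixation.
     *
     * @param username the authenticated username, or {@code null} to clear it
     */
    public static void setUsername(String username) {
        HttpServletRequest request = getRequest();
        if (request == null) {
            if (username != null) {
                usernameRef.set(username);
            } else {
                usernameRef.remove();
            }
            return;
        }
        HttpSession session = request.getSession();
        if (username != null) {
            session.setAttribute(Constants.SESSION_KEY_USERNAME, username);
        } else {
            session.removeAttribute(Constants.SESSION_KEY_USERNAME);
        }
    }

    /**
     * Stores the role set in the current HTTP session, or removes it when {@code roles}
     * is {@code null}. Without a bound request the value is kept for the calling thread only.
     *
     * @param roles the roles of the current user, or {@code null} to clear them
     */
    public static void setRoles(Set<Role> roles) {
        HttpServletRequest request = getRequest();
        if (request == null) {
            if (roles != null) {
                rolesRef.set(roles);
            } else {
                rolesRef.remove();
            }
            return;
        }
        HttpSession session = request.getSession();
        if (roles != null) {
            session.setAttribute(Constants.SESSION_KEY_ROLES, roles);
        } else {
            session.removeAttribute(Constants.SESSION_KEY_ROLES);
        }
    }

    /**
     * Ensures the existing session carries a CSRF token and hands the same value to the
     * client in a cookie named {@code Constants.CSRF_TOKEN_KEY}, scoped to the context path.
     *
     * Does nothing when no request is bound or the request has no session; no token is
     * issued in that case, so the validating side has to treat a missing token as a failure.
     *
     * NOTE(review): the token value is the session id itself, and the cookie is not marked
     * HttpOnly (presumably because client script reads it to echo the token - confirm).
     * Any script that can read this cookie therefore learns the session id, even if the
     * container marks its own session cookie HttpOnly. An independent random token from
     * SecureRandom would avoid that; the value is left unchanged here because the code
     * that validates the token is not part of this class.
     */
    public static void initCsrfSession() {
        HttpServletRequest request = getRequest();
        if (request == null) {
            return;
        }
        // getSession(false) returns null when the request has no session; nothing to bind a token to.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        if (session.isNew() || (session.getAttribute(Constants.CSRF_TOKEN_KEY) == null)) {
            // either new session or old session without csrf token set, so set it
            session.setAttribute(Constants.CSRF_TOKEN_KEY, session.getId());
            Cookie cookie = new Cookie(Constants.CSRF_TOKEN_KEY, session.getId());
            String contextPath = request.getContextPath();
            cookie.setPath("".equals(contextPath) ? "/" : contextPath);
            // The value is the session id: when the request arrived over HTTPS, keep the
            // browser from sending it over plain HTTP later. If isSecure() is false (plain
            // HTTP, or TLS terminated upstream) the flag stays off, as before.
            cookie.setSecure(request.isSecure());
            getResponse().addCookie(cookie);
        }
    }

    /**
     * Returns the servlet request bound to the calling thread by Spring's
     * {@link RequestContextHolder}.
     *
     * @return the current request, or {@code null} when no request attributes are bound
     *         to this thread (the callers in this class test for exactly that case)
     */
    public static HttpServletRequest getRequest() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        // getRequestAttributes() yields null outside a request; dereferencing it directly
        // threw a NullPointerException and made every null check on getRequest() unreachable.
        return (attributes == null) ? null : attributes.getRequest();
    }

    /**
     * Returns the servlet response as provided by {@code ServletUtils.getResponse()}.
     *
     * @return the current response
     */
    public static HttpServletResponse getResponse() {
        return ServletUtils.getResponse();
    }

}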