Java tutorial
/* Copyright 2010-2015 Josh Drummond This file is part of WebPasswordSafe. WebPasswordSafe is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. WebPasswordSafe is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with WebPasswordSafe; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ package net.webpasswordsafe.server; import java.util.Set; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import net.webpasswordsafe.common.util.Constants; import net.webpasswordsafe.common.util.Constants.Role; import org.gwtwidgets.server.spring.ServletUtils; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; /** * Utilities to access current server session information * * @author Josh Drummond * */ public class ServerSessionUtil { private static ThreadLocal<String> usernameRef = new ThreadLocal<String>(); private static ThreadLocal<Set<Role>> rolesRef = new ThreadLocal<Set<Role>>(); private static ThreadLocal<String> ipRef = new ThreadLocal<String>(); public static void invalidateSession() { if (getRequest() != null) { getRequest().getSession().invalidate(); } } public static String getUsername() { if (getRequest() != null) { usernameRef.set((String) getRequest().getSession().getAttribute(Constants.SESSION_KEY_USERNAME)); } return usernameRef.get(); } @SuppressWarnings("unchecked") public static Set<Role> getRoles() { if (getRequest() != null) { rolesRef.set((Set<Role>) getRequest().getSession().getAttribute(Constants.SESSION_KEY_ROLES)); } return rolesRef.get(); } public static String getIP() { if (getRequest() != null) { ipRef.set(getRequest().getRemoteAddr()); } return ipRef.get(); } public static void setIP(String ip) { ipRef.set(ip); } public static void setUsername(String username) { usernameRef.set(username); if (getRequest() != null) { if (username != null) { getRequest().getSession().setAttribute(Constants.SESSION_KEY_USERNAME, usernameRef.get()); } else { getRequest().getSession().removeAttribute(Constants.SESSION_KEY_USERNAME); } } } public static void setRoles(Set<Role> roles) { rolesRef.set(roles); if (getRequest() != null) { if (roles != null) { getRequest().getSession().setAttribute(Constants.SESSION_KEY_ROLES, rolesRef.get()); } else { getRequest().getSession().removeAttribute(Constants.SESSION_KEY_ROLES); } } } public static void initCsrfSession() { HttpSession session = getRequest().getSession(false); if (session.isNew() || (session.getAttribute(Constants.CSRF_TOKEN_KEY) == null)) { // either new session or old session without csrf token set, so set it session.setAttribute(Constants.CSRF_TOKEN_KEY, session.getId()); Cookie cookie = new Cookie(Constants.CSRF_TOKEN_KEY, session.getId()); cookie.setPath("".equals(getRequest().getContextPath()) ? "/" : getRequest().getContextPath()); getResponse().addCookie(cookie); } } public static HttpServletRequest getRequest() { return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); } public static HttpServletResponse getResponse() { return ServletUtils.getResponse(); } }