sample.session.SessionDetailsFilter.java Source code

Java tutorial

Introduction

Here is the source code for sample.session.SessionDetailsFilter.java

Source

/*
 * Copyright 2014-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package sample.session;

import java.io.IOException;
import java.net.InetAddress;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.maxmind.geoip2.DatabaseReader;
import com.maxmind.geoip2.model.CityResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Inserts the session details into the session for every request. Some users may prefer
 * to insert session details only after authentication. This is fine, but it may be
 * valuable to the most up to date information so that if someone stole the user's session
 * id it can be observed.
 *
 * @author Rob Winch
 *
 */
// tag::class[]
@Component
@Order(Ordered.HIGHEST_PRECEDENCE + 101)
public class SessionDetailsFilter extends OncePerRequestFilter {
    static final String UNKNOWN = "Unknown";

    private DatabaseReader reader;

    @Autowired
    public SessionDetailsFilter(DatabaseReader reader) {
        this.reader = reader;
    }

    // tag::dofilterinternal[]
    public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(request, response);

        HttpSession session = request.getSession(false);
        if (session != null) {
            String remoteAddr = getRemoteAddress(request);
            String geoLocation = getGeoLocation(remoteAddr);

            SessionDetails details = new SessionDetails();
            details.setAccessType(request.getHeader("User-Agent"));
            details.setLocation(remoteAddr + " " + geoLocation);

            session.setAttribute("SESSION_DETAILS", details);
        }
    }
    // end::dofilterinternal[]

    String getGeoLocation(String remoteAddr) {
        try {
            CityResponse city = this.reader.city(InetAddress.getByName(remoteAddr));
            String cityName = city.getCity().getName();
            String countryName = city.getCountry().getName();
            if (cityName == null && countryName == null) {
                return null;
            } else if (cityName == null) {
                return countryName;
            } else if (countryName == null) {
                return cityName;
            }
            return cityName + ", " + countryName;
        } catch (Exception e) {
            return UNKNOWN;

        }
    }

    private String getRemoteAddress(HttpServletRequest request) {
        String remoteAddr = request.getHeader("X-FORWARDED-FOR");
        if (remoteAddr == null) {
            remoteAddr = request.getRemoteAddr();
        } else if (remoteAddr.contains(",")) {
            remoteAddr = remoteAddr.split(",")[0];
        }
        return remoteAddr;
    }
}
// end::class[]