[seam-commits] Seam SVN: r8257 - trunk/examples/wiki/src/main/org/jboss/seam/wiki/core/ui.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Wed May 21 12:08:28 EDT 2008
Author: christian.bauer at jboss.com
Date: 2008-05-21 12:08:28 -0400 (Wed, 21 May 2008)
New Revision: 8257
Added:
trunk/examples/wiki/src/main/org/jboss/seam/wiki/core/ui/WikiUrlSessionIdFilter.java
Log:
JBSEAM-3018, disable URL session id rewriting
Added: trunk/examples/wiki/src/main/org/jboss/seam/wiki/core/ui/WikiUrlSessionIdFilter.java
===================================================================
--- trunk/examples/wiki/src/main/org/jboss/seam/wiki/core/ui/WikiUrlSessionIdFilter.java (rev 0)
+++ trunk/examples/wiki/src/main/org/jboss/seam/wiki/core/ui/WikiUrlSessionIdFilter.java 2008-05-21 16:08:28 UTC (rev 8257)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.seam.wiki.core.ui;
+
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.web.Filter;
+import org.jboss.seam.web.AbstractFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+/**
+ * Removes jsessionid from encoded URLs, see http://jira.jboss.com/jira/browse/JBSEAM-3018
+ *
+ * More details: http://foreverprecio.us/groovy_tech
+ *
+ * @author Christian Bauer
+ */
+ at Startup
+ at Scope(ScopeType.APPLICATION)
+ at Name("wikiUrlSessionIdFilter")
+ at BypassInterceptors
+ at Filter
+public class WikiUrlSessionIdFilter extends AbstractFilter {
+
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+
+ if (!(req instanceof HttpServletRequest)) {
+ chain.doFilter(req, res);
+ return;
+ }
+
+ HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+
+ // Redirect requests with JSESSIONID in URL to clean version (old links bookmarked/stored by bots)
+ // This is ONLY triggered if the request did not also contain a JSESSIONID cookie! Which should be fine for bots...
+ if (request.isRequestedSessionIdFromURL()) {
+ String url = request.getRequestURL()
+ .append(request.getQueryString() != null ? "?"+request.getQueryString() : "")
+ .toString();
+ // TODO: The url is clean, at least in Tomcat, which strips out the JSESSIONID path parameter automatically (Jetty does not?!)
+ response.setHeader("Location", url);
+ response.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY);
+ return;
+ }
+
+ // Prevent rendering of JSESSIONID in URLs for all outgoing links
+ HttpServletResponseWrapper wrappedResponse =
+ new HttpServletResponseWrapper(response) {
+ @Override
+ public String encodeRedirectUrl(String url) {
+ return url;
+ }
+
+ @Override
+ public String encodeRedirectURL(String url) {
+ return url;
+ }
+
+ @Override
+ public String encodeUrl(String url) {
+ return url;
+ }
+
+ @Override
+ public String encodeURL(String url) {
+ return url;
+ }
+ };
+ chain.doFilter(req, wrappedResponse);
+
+ }
+}
More information about the seam-commits
mailing list