filtering on expired sessions
greetings all,
I work on a spring3.x/Hibernate/freemarker/Java webapp built up that has multiple flows, with each flow having mulitple states and views, some of which contain an email address field of the form:
<@spring.formInput "xxxxx.userInformation.email" "onchange='updateEmail()'" />
where xxxxx denotes numerous classes.
I'm trying to set up a Spring Filter that will send a "thanks for visiting" email to the address entered in the field ONLY IF the session expires before the user moves on to the next state in the flow, and I could use some help. I've studied the Spring Security reference doc here
Here's what I have so far:
in my web.xml
in my servlet-context.xmlCode:<filter> <filter-name>ExpiredSessionFilterII</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetBeanName</param-name> <param-value>expiredSessionFilterII</param-value> </init-param> </filter> <filter-mapping> <filter-name>ExpiredSessionFilterII</filter-name> <servlet-name>appServlet</servlet-name> </filter-mapping>
and my filter itselfCode:<!-- spring session management start --> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="maximumSessions" value="100" /> </beans:bean> <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/session-expired.htm" /> </beans:bean> <http> <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> <session-management session-authentication-strategy-ref="sas"/> </http> <!-- spring session management end-->
am I on the right track? Where do I go from here?Code:public class ExpiredSessionFilterII implements Filter { private static final Logger logger = Logger.getLogger(ExpiredSessionFilterII.class); private FilterConfig filterConfig; private SessionInformation sessionInformation; private ServletContext servletContext; // private SecurityContextRepository repo = new SecurityContextRepository(); public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void destroy() { this.filterConfig = null; } public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String url = httpRequest.getServletPath(); HttpSession session = null; servletContext = this.filterConfig.getServletContext(); if( httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) { session = httpRequest.getSession(false); if( session == null) { ...... } } } }
TIA,
Still-learning Steve
Reply With Quote