Package org.camunda.bpm.webapp.impl.security.filter.util

Class HttpSessionMutexListener

  • All Implemented Interfaces:
    java.util.EventListener, javax.servlet.http.HttpSessionListener
    public class HttpSessionMutexListener
extends java.lang.Object
implements javax.servlet.http.HttpSessionListener
    Automatically creates a session mutex when a HttpSession is created. This way, it is guaranteed that the session mutex is the same object throughout the session lifetime. This is not 100% guaranteed across all possible servlet containers when using the HttpSession reference itself. The session mutex can be accessed under the CsrfConstants.CSRF_SESSION_MUTEX session attribute and the HttpSessionMutexListener needs to be registered as a listener in web.xml.
    Author:
    Nikola Koevski

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void sessionCreated​(javax.servlet.http.HttpSessionEvent event)  
      void sessionDestroyed​(javax.servlet.http.HttpSessionEvent event)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • AUTH_TIME_SESSION_MUTEX

        public static final java.lang.String AUTH_TIME_SESSION_MUTEX
        See Also:
        Constant Field Values

    • Constructor Detail

      • HttpSessionMutexListener

        public HttpSessionMutexListener()

    • Method Detail

      • sessionCreated

        public void sessionCreated​(javax.servlet.http.HttpSessionEvent event)
        Specified by:
        sessionCreated in interface javax.servlet.http.HttpSessionListener

      • sessionDestroyed

        public void sessionDestroyed​(javax.servlet.http.HttpSessionEvent event)
        Specified by:
        sessionDestroyed in interface javax.servlet.http.HttpSessionListener