Class HttpSessionMutexListener
- java.lang.Object
-
- org.camunda.bpm.webapp.impl.security.filter.util.HttpSessionMutexListener
-
- All Implemented Interfaces:
java.util.EventListener
,javax.servlet.http.HttpSessionListener
public class HttpSessionMutexListener extends java.lang.Object implements javax.servlet.http.HttpSessionListener
Automatically creates a session mutex when a HttpSession is created. This way, it is guaranteed that the session mutex is the same object throughout the session lifetime. This is not 100% guaranteed across all possible servlet containers when using the HttpSession reference itself. The session mutex can be accessed under theCsrfConstants.CSRF_SESSION_MUTEX
session attribute and theHttpSessionMutexListener
needs to be registered as a listener inweb.xml
.- Author:
- Nikola Koevski
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
AUTH_TIME_SESSION_MUTEX
-
Constructor Summary
Constructors Constructor Description HttpSessionMutexListener()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
sessionCreated(javax.servlet.http.HttpSessionEvent event)
void
sessionDestroyed(javax.servlet.http.HttpSessionEvent event)
-
-
-
Field Detail
-
AUTH_TIME_SESSION_MUTEX
public static final java.lang.String AUTH_TIME_SESSION_MUTEX
- See Also:
- Constant Field Values
-
-
Method Detail
-
sessionCreated
public void sessionCreated(javax.servlet.http.HttpSessionEvent event)
- Specified by:
sessionCreated
in interfacejavax.servlet.http.HttpSessionListener
-
sessionDestroyed
public void sessionDestroyed(javax.servlet.http.HttpSessionEvent event)
- Specified by:
sessionDestroyed
in interfacejavax.servlet.http.HttpSessionListener
-
-