Class HttpSessionMutexListener
java.lang.Object
org.camunda.bpm.webapp.impl.security.filter.util.HttpSessionMutexListener
- All Implemented Interfaces:
jakarta.servlet.http.HttpSessionListener
,EventListener
public class HttpSessionMutexListener
extends Object
implements jakarta.servlet.http.HttpSessionListener
Automatically creates a session mutex when a HttpSession
is created. This way, it is guaranteed that the session mutex is
the same object throughout the session lifetime. This is not
100% guaranteed across all possible servlet containers when using
the HttpSession reference itself.
The session mutex can be accessed under the
CsrfConstants.CSRF_SESSION_MUTEX
session attribute and the HttpSessionMutexListener
needs
to be registered as a listener in web.xml
.- Author:
- Nikola Koevski
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
sessionCreated
(jakarta.servlet.http.HttpSessionEvent event) void
sessionDestroyed
(jakarta.servlet.http.HttpSessionEvent event)
-
Field Details
-
AUTH_TIME_SESSION_MUTEX
- See Also:
-
-
Constructor Details
-
HttpSessionMutexListener
public HttpSessionMutexListener()
-
-
Method Details
-
sessionCreated
public void sessionCreated(jakarta.servlet.http.HttpSessionEvent event) - Specified by:
sessionCreated
in interfacejakarta.servlet.http.HttpSessionListener
-
sessionDestroyed
public void sessionDestroyed(jakarta.servlet.http.HttpSessionEvent event) - Specified by:
sessionDestroyed
in interfacejakarta.servlet.http.HttpSessionListener
-