Package org.camunda.bpm.webapp.impl.security.filter.util

Class HttpSessionMutexListener

java.lang.Object

org.camunda.bpm.webapp.impl.security.filter.util.HttpSessionMutexListener

All Implemented Interfaces:

jakarta.servlet.http.HttpSessionListener, EventListener

public class HttpSessionMutexListener
extends Object
implements jakarta.servlet.http.HttpSessionListener

Automatically creates a session mutex when a HttpSession is created. This way, it is guaranteed that the session mutex is the same object throughout the session lifetime. This is not 100% guaranteed across all possible servlet containers when using the HttpSession reference itself. The session mutex can be accessed under the CsrfConstants.CSRF_SESSION_MUTEX session attribute and the HttpSessionMutexListener needs to be registered as a listener in web.xml.

Author:

Nikola Koevski

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTH_TIME_SESSION_MUTEX

Constructor Summary

Constructors

Constructor	Description
HttpSessionMutexListener()

Method Summary

Modifier and Type	Method	Description
void	sessionCreated(jakarta.servlet.http.HttpSessionEvent event)
void	sessionDestroyed(jakarta.servlet.http.HttpSessionEvent event)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AUTH_TIME_SESSION_MUTEX

public static final String AUTH_TIME_SESSION_MUTEX

See Also:

• Constant Field Values

Constructor Details

HttpSessionMutexListener

public HttpSessionMutexListener()

Method Details

sessionCreated

public void sessionCreated(jakarta.servlet.http.HttpSessionEvent event)

Specified by:

sessionCreated in interface jakarta.servlet.http.HttpSessionListener

sessionDestroyed

public void sessionDestroyed(jakarta.servlet.http.HttpSessionEvent event)

Specified by:

sessionDestroyed in interface jakarta.servlet.http.HttpSessionListener