001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.sessionid;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.CookieKeys;
020    import com.liferay.portal.kernel.util.StringPool;
021    import com.liferay.portal.kernel.util.Validator;
022    
023    import javax.servlet.http.Cookie;
024    import javax.servlet.http.HttpServletRequest;
025    import javax.servlet.http.HttpServletRequestWrapper;
026    import javax.servlet.http.HttpServletResponse;
027    import javax.servlet.http.HttpSession;
028    
029    /**
030     * @author Brian Wing Shun Chan
031     */
032    public class SessionIdServletRequest extends HttpServletRequestWrapper {
033    
034            public SessionIdServletRequest(
035                    HttpServletRequest request, HttpServletResponse response) {
036    
037                    super(request);
038    
039                    _response = response;
040            }
041    
042            @Override
043            public HttpSession getSession() {
044                    HttpSession session = super.getSession();
045    
046                    process(session);
047    
048                    return session;
049            }
050    
051            @Override
052            public HttpSession getSession(boolean create) {
053                    HttpSession session = super.getSession(create);
054    
055                    process(session);
056    
057                    return session;
058            }
059    
060            protected void process(HttpSession session) {
061                    if ((session == null) || !session.isNew() || !isSecure() ||
062                            isRequestedSessionIdFromCookie()) {
063    
064                            return;
065                    }
066    
067                    Object jsessionIdAlreadySet = getAttribute(_JESSIONID_ALREADY_SET);
068    
069                    if (jsessionIdAlreadySet != null) {
070                            return;
071                    }
072    
073                    if (_log.isDebugEnabled()) {
074                            _log.debug("Processing " + session.getId());
075                    }
076    
077                    Cookie cookie = new Cookie(_JESSIONID, session.getId());
078    
079                    cookie.setMaxAge(-1);
080    
081                    String contextPath = getContextPath();
082    
083                    if (Validator.isNotNull(contextPath)) {
084                            cookie.setPath(contextPath);
085                    }
086                    else {
087                            cookie.setPath(StringPool.SLASH);
088                    }
089    
090                    CookieKeys.addCookie(
091                            (HttpServletRequest)super.getRequest(), _response, cookie);
092    
093                    setAttribute(_JESSIONID_ALREADY_SET, Boolean.TRUE);
094            }
095    
096            private static final String _JESSIONID = "JSESSIONID";
097    
098            private static final String _JESSIONID_ALREADY_SET =
099                    "JESSIONID_ALREADY_SET";
100    
101            private static Log _log = LogFactoryUtil.getLog(
102                    SessionIdServletRequest.class);
103    
104            private HttpServletResponse _response;
105    
106    }