import java.io.IOException;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
/**
* Servlet filter which disables URL-encoded session identifiers.
* <P/>
* <PRE>
* Copyright (c) 2006, Craig Condit. All rights reserved.
* <P/>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* <P/>
* * Redistributions of source code must retain the above copyright notice,
*   this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
*   this list of conditions and the following disclaimer in the documentation
*   and/or other materials provided with the distribution.
* <P/>
* This software is provided by the copyright holders and contributors "as is"
* and any express or implied warranties, including, but not limited to, the
* implied warranties of merchantability and fitness for a particular purpose
* are disclaimed. In no event shall the copyright owner or contributors be
* liable for any direct, indirect, incidental, special, exemplary, or
* consequential damages (including, but not limited to, procurement of
* substitute goods or services; loss of use, data, or profits; or business
* interruption) however caused and on any theory of liability, whether in
* contract, strict liability, or tort (including negligence or otherwise)
* arising in any way out of the use of this software, even if advised of the
* possibility of such damage.
* </PRE>
*/
@ Suppresswarnings ("deprecation ")
Public class disableurlsessionfilter implements filter {
/**
* Filters requests to disable URL-based session identifiers.
*/
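@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // Servlet sessions only exist for HTTP traffic. Check both objects before
    // casting so a non-HTTP response cannot trigger a ClassCastException.
    if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
        chain.doFilter(request, response);
        return;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // A session id carried in the URL can end up in Referer headers, proxy and
    // server logs, browser history and shared links, and it lets a third party
    // hand a victim a pre-chosen id (session fixation). Treat any session
    // reached this way as compromised and destroy it.
    if (httpRequest.isRequestedSessionIdFromURL()) {
        // getSession(false) returns null when there is no valid session.
        // The no-argument getSession() would create a brand-new session here
        // only for it to be invalidated on the next line.
        HttpSession session = httpRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    // Stop the application from ever appending ";jsessionid=..." to links or
    // redirects: every URL-encoding hook returns its argument unchanged.
    // The two lower-case "Url" variants are the deprecated spellings of the
    // same hooks; both are overridden so legacy callers are covered too.
    HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(httpResponse) {
        @Override
        public String encodeRedirectUrl(String url) {
            return url;
        }

        @Override
        public String encodeRedirectURL(String url) {
            return url;
        }

        @Override
        public String encodeUrl(String url) {
            return url;
        }

        @Override
        public String encodeURL(String url) {
            return url;
        }
    };

    // NOTE(review): this filter only covers URLs the application passes through
    // the response. On Servlet 3.0+ containers, also restrict <tracking-mode>
    // to COOKIE in web.xml so the container itself neither accepts nor emits
    // URL session ids.

    // Continue the chain with the original request and the wrapped response.
    chain.doFilter(request, wrappedResponse);
}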
/**
* Unused.
*/
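@Override
public void init(FilterConfig config) throws ServletException {
    // Nothing to configure: the filter reads no init parameters and keeps no state.
}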
/**
* Unused.
*/
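@Override
public void destroy() {
    // Nothing to release: the filter holds no resources.
}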