Package com.xpn.xwiki.render
Class ScriptHttpSession
- java.lang.Object
-
- com.xpn.xwiki.render.ScriptHttpSession
-
- All Implemented Interfaces:
javax.servlet.http.HttpSession
,javax.servlet.http.HttpSessionContext
public class ScriptHttpSession extends Object implements javax.servlet.http.HttpSession, javax.servlet.http.HttpSessionContext
A wrapper aroundHttpSession
with security related checks.- Since:
- 12.4RC1, 11.10.5
- Version:
- $Id: 06547a79c272230c1e4615b1b2acc5bb30b11b1a $
-
-
Constructor Summary
Constructors Constructor Description ScriptHttpSession(javax.servlet.http.HttpSession session, ContextualAuthorizationManager authorization)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Object
getAttribute(String name)
Enumeration<String>
getAttributeNames()
long
getCreationTime()
String
getId()
Enumeration<String>
getIds()
long
getLastAccessedTime()
int
getMaxInactiveInterval()
Object
getSafeAttribute(String name)
Access an attribute that is safe to use for any script author.Enumeration<String>
getSafeAttributeNames()
javax.servlet.ServletContext
getServletContext()
javax.servlet.http.HttpSession
getSession(String sessionId)
javax.servlet.http.HttpSessionContext
getSessionContext()
Object
getValue(String name)
String[]
getValueNames()
void
invalidate()
boolean
isNew()
void
putValue(String name, Object value)
void
removeAttribute(String name)
void
removeSafeAttribute(String name)
Remove an attribute that is safe to use for any script author.void
removeValue(String name)
void
setAttribute(String name, Object value)
void
setMaxInactiveInterval(int interval)
void
setSafeAttribute(String name, Object value)
Set an attribute that is safe to use for any script author.
-
-
-
Constructor Detail
-
ScriptHttpSession
public ScriptHttpSession(javax.servlet.http.HttpSession session, ContextualAuthorizationManager authorization)
- Parameters:
session
- the wrapped sessionauthorization
- used to check rights of the current author
-
-
Method Detail
-
getCreationTime
public long getCreationTime()
- Specified by:
getCreationTime
in interfacejavax.servlet.http.HttpSession
-
getId
public String getId()
- Specified by:
getId
in interfacejavax.servlet.http.HttpSession
-
getLastAccessedTime
public long getLastAccessedTime()
- Specified by:
getLastAccessedTime
in interfacejavax.servlet.http.HttpSession
-
getServletContext
public javax.servlet.ServletContext getServletContext()
- Specified by:
getServletContext
in interfacejavax.servlet.http.HttpSession
-
setMaxInactiveInterval
public void setMaxInactiveInterval(int interval)
- Specified by:
setMaxInactiveInterval
in interfacejavax.servlet.http.HttpSession
-
getMaxInactiveInterval
public int getMaxInactiveInterval()
- Specified by:
getMaxInactiveInterval
in interfacejavax.servlet.http.HttpSession
-
getSessionContext
public javax.servlet.http.HttpSessionContext getSessionContext()
- Specified by:
getSessionContext
in interfacejavax.servlet.http.HttpSession
-
getSafeAttribute
public Object getSafeAttribute(String name)
Access an attribute that is safe to use for any script author.- Parameters:
name
- the name of the attribute- Returns:
- the value of the attribute
-
setSafeAttribute
public void setSafeAttribute(String name, Object value)
Set an attribute that is safe to use for any script author.It's recommended to not store anything sensitive in there.
- Parameters:
name
- the name of the attributevalue
- the value of the attribute
-
removeSafeAttribute
public void removeSafeAttribute(String name)
Remove an attribute that is safe to use for any script author.- Parameters:
name
- the name of the attribute
-
getSafeAttributeNames
public Enumeration<String> getSafeAttributeNames()
- Returns:
- the names of the attributes which are safe to use for any script author.
-
getAttribute
public Object getAttribute(String name)
Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.
- Specified by:
getAttribute
in interfacejavax.servlet.http.HttpSession
- See Also:
HttpSession.getAttribute(java.lang.String)
-
getValue
public Object getValue(String name)
- Specified by:
getValue
in interfacejavax.servlet.http.HttpSession
-
getAttributeNames
public Enumeration<String> getAttributeNames()
- Specified by:
getAttributeNames
in interfacejavax.servlet.http.HttpSession
-
getValueNames
public String[] getValueNames()
- Specified by:
getValueNames
in interfacejavax.servlet.http.HttpSession
-
setAttribute
public void setAttribute(String name, Object value)
Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.
- Specified by:
setAttribute
in interfacejavax.servlet.http.HttpSession
- See Also:
HttpSession.setAttribute(java.lang.String, java.lang.Object)
-
putValue
public void putValue(String name, Object value)
- Specified by:
putValue
in interfacejavax.servlet.http.HttpSession
-
removeAttribute
public void removeAttribute(String name)
Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.
- Specified by:
removeAttribute
in interfacejavax.servlet.http.HttpSession
- See Also:
HttpSession.removeAttribute(java.lang.String)
-
removeValue
public void removeValue(String name)
- Specified by:
removeValue
in interfacejavax.servlet.http.HttpSession
-
invalidate
public void invalidate()
Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.
- Specified by:
invalidate
in interfacejavax.servlet.http.HttpSession
- See Also:
HttpSession.removeAttribute(java.lang.String)
-
isNew
public boolean isNew()
- Specified by:
isNew
in interfacejavax.servlet.http.HttpSession
-
getSession
public javax.servlet.http.HttpSession getSession(String sessionId)
- Specified by:
getSession
in interfacejavax.servlet.http.HttpSessionContext
-
getIds
public Enumeration<String> getIds()
- Specified by:
getIds
in interfacejavax.servlet.http.HttpSessionContext
-
-