Class ScriptHttpSession

  • All Implemented Interfaces:
    javax.servlet.http.HttpSession, javax.servlet.http.HttpSessionContext

    public class ScriptHttpSession
    extends Object
    implements javax.servlet.http.HttpSession, javax.servlet.http.HttpSessionContext
    A wrapper around HttpSession with security related checks.
    Since:
    12.4RC1, 11.10.5
    Version:
    $Id: 06547a79c272230c1e4615b1b2acc5bb30b11b1a $
    • Constructor Detail

      • ScriptHttpSession

        public ScriptHttpSession​(javax.servlet.http.HttpSession session,
                                 ContextualAuthorizationManager authorization)
        Parameters:
        session - the wrapped session
        authorization - used to check rights of the current author
    • Method Detail

      • getCreationTime

        public long getCreationTime()
        Specified by:
        getCreationTime in interface javax.servlet.http.HttpSession
      • getId

        public String getId()
        Specified by:
        getId in interface javax.servlet.http.HttpSession
      • getLastAccessedTime

        public long getLastAccessedTime()
        Specified by:
        getLastAccessedTime in interface javax.servlet.http.HttpSession
      • getServletContext

        public javax.servlet.ServletContext getServletContext()
        Specified by:
        getServletContext in interface javax.servlet.http.HttpSession
      • setMaxInactiveInterval

        public void setMaxInactiveInterval​(int interval)
        Specified by:
        setMaxInactiveInterval in interface javax.servlet.http.HttpSession
      • getMaxInactiveInterval

        public int getMaxInactiveInterval()
        Specified by:
        getMaxInactiveInterval in interface javax.servlet.http.HttpSession
      • getSessionContext

        public javax.servlet.http.HttpSessionContext getSessionContext()
        Specified by:
        getSessionContext in interface javax.servlet.http.HttpSession
      • getSafeAttribute

        public Object getSafeAttribute​(String name)
        Access an attribute that is safe to use for any script author.
        Parameters:
        name - the name of the attribute
        Returns:
        the value of the attribute
      • setSafeAttribute

        public void setSafeAttribute​(String name,
                                     Object value)
        Set an attribute that is safe to use for any script author.

        It's recommended to not store anything sensitive in there.

        Parameters:
        name - the name of the attribute
        value - the value of the attribute
      • removeSafeAttribute

        public void removeSafeAttribute​(String name)
        Remove an attribute that is safe to use for any script author.
        Parameters:
        name - the name of the attribute
      • getSafeAttributeNames

        public Enumeration<String> getSafeAttributeNames()
        Returns:
        the names of the attributes which are safe to use for any script author.
      • getAttribute

        public Object getAttribute​(String name)

        Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.

        Specified by:
        getAttribute in interface javax.servlet.http.HttpSession
        See Also:
        HttpSession.getAttribute(java.lang.String)
      • getValue

        public Object getValue​(String name)
        Specified by:
        getValue in interface javax.servlet.http.HttpSession
      • getAttributeNames

        public Enumeration<String> getAttributeNames()
        Specified by:
        getAttributeNames in interface javax.servlet.http.HttpSession
      • getValueNames

        public String[] getValueNames()
        Specified by:
        getValueNames in interface javax.servlet.http.HttpSession
      • setAttribute

        public void setAttribute​(String name,
                                 Object value)

        Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.

        Specified by:
        setAttribute in interface javax.servlet.http.HttpSession
        See Also:
        HttpSession.setAttribute(java.lang.String, java.lang.Object)
      • putValue

        public void putValue​(String name,
                             Object value)
        Specified by:
        putValue in interface javax.servlet.http.HttpSession
      • removeAttribute

        public void removeAttribute​(String name)

        Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.

        Specified by:
        removeAttribute in interface javax.servlet.http.HttpSession
        See Also:
        HttpSession.removeAttribute(java.lang.String)
      • removeValue

        public void removeValue​(String name)
        Specified by:
        removeValue in interface javax.servlet.http.HttpSession
      • invalidate

        public void invalidate()

        Allow to manipulate only a limited set of attributes when not a programming right user since other might be sensitive data.

        Specified by:
        invalidate in interface javax.servlet.http.HttpSession
        See Also:
        HttpSession.removeAttribute(java.lang.String)
      • isNew

        public boolean isNew()
        Specified by:
        isNew in interface javax.servlet.http.HttpSession
      • getSession

        public javax.servlet.http.HttpSession getSession​(String sessionId)
        Specified by:
        getSession in interface javax.servlet.http.HttpSessionContext
      • getIds

        public Enumeration<String> getIds()
        Specified by:
        getIds in interface javax.servlet.http.HttpSessionContext