java urlºóÃæ´øsessionid_Çå³ýurlÉϵÄsessionIDµÄ¹ýÂËÆ÷ | ѧ²½Ô°

importjavax.servlet.*;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjavax.servlet.http.HttpServletResponseWrapper;importjavax.servlet.http.HttpSession;importjava.io.IOException;/*** Servlet filter which disables URL-encoded session identifiers.

*

*

* Copyright (c) 2006, Craig Condit. All rights reserved.

*

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions are met:

*

* * Redistributions of source code must retain the above copyright notice,

* this list of conditions and the following disclaimer.

* * Redistributions in binary form must reproduce the above copyright notice,

* this list of conditions and the following disclaimer in the documentation

* and/or other materials provided with the distribution.

*

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

* POSSIBILITY OF SUCH DAMAGE.

*

*/@SuppressWarnings("deprecation")publicclassDisableUrlSessionFilterimplementsFilter {/*** Filters requests to disable URL-based session identifiers.*/publicvoiddoFilter(ServletRequest request, ServletResponse response, FilterChain chain)throwsIOException, ServletException {//skip non-http requestsif(!(requestinstanceofHttpServletRequest)) {

chain.doFilter(request, response);return;

}

HttpServletRequest httpRequest=(HttpServletRequest) request;

HttpServletResponse httpResponse=(HttpServletResponse) response;//clear session if session id in URLif(httpRequest.isRequestedSessionIdFromURL()) {

HttpSession session=httpRequest.getSession();if(session!=null) session.invalidate();

}//wrap response to remove URL encodingHttpServletResponseWrapper wrappedResponse=newHttpServletResponseWrapper(httpResponse) {

@OverridepublicString encodeRedirectUrl(String url) {returnurl;

}

@OverridepublicString encodeRedirectURL(String url) {returnurl;

}

@OverridepublicString encodeUrl(String url) {returnurl;

}

@OverridepublicString encodeURL(String url) {returnurl;

}

};//process next request in chainchain.doFilter(request, wrappedResponse);

}/*** Unused.*/publicvoidinit(FilterConfig config)throwsServletException {

}/*** Unused.*/publicvoiddestroy() {

}