HttpServletRequestSession.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.usergrid.rest.security.shiro.session;


import java.io.Serializable;
import java.util.Collection;
import java.util.Date;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.collections.EnumerationUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;


/**
 * Session that is only tied to an HttpServletRequest. This can be used for applications that prefer to remain
 * stateless.
 */
public class HttpServletRequestSession implements Session {
    private final HttpServletRequest request;
    private final String host;
    private final UUID uuid;
    private final Date start;


    public HttpServletRequestSession( HttpServletRequest request, String host ) {
        this.request = request;
        this.host = host;
        uuid = UUID.randomUUID();
        start = new Date();
    }


    @Override
    public Serializable getId() {
        return uuid;
    }


    @Override
    public Date getStartTimestamp() {
        return start;
    }


    @Override
    public Date getLastAccessTime() {
        // the user only makes one request that involves this session
        return start;
    }


    @Override
    public long getTimeout() throws InvalidSessionException {
        return -1;
    }


    @Override
    public void setTimeout( long maxIdleTimeInMillis ) throws InvalidSessionException {
        // ignore this - the session ends with the request and that's that...
    }


    @Override
    public String getHost() {
        return host;
    }


    @Override
    public void touch() throws InvalidSessionException {
        // do nothing - we don't timeout
    }


    @Override
    public void stop() throws InvalidSessionException {
        // do nothing - i don't have a use case for this and the structure to
        // support it, while not huge, adds
        // significant complexity
    }


    @SuppressWarnings({ "unchecked" })
    @Override
    public Collection<Object> getAttributeKeys() throws InvalidSessionException {
        return EnumerationUtils.toList( request.getAttributeNames() );
    }


    @Override
    public Object getAttribute( Object key ) throws InvalidSessionException {
        return request.getAttribute( stringify( key ) );
    }


    @Override
    public void setAttribute( Object key, Object value ) throws InvalidSessionException {
        request.setAttribute( stringify( key ), value );
    }


    @Override
    public Object removeAttribute( Object objectKey ) throws InvalidSessionException {
        String key = stringify( objectKey );
        Object formerValue = request.getAttribute( key );
        request.removeAttribute( key );
        return formerValue;
    }


    private String stringify( Object key ) {
        return key == null ? null : key.toString();
    }
}