ActionTimeoutAjaxFilter.java

/*
 * Copyright 2005 Joe Walker
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.directwebremoting.filter;

import java.lang.reflect.Method;

import org.directwebremoting.AjaxFilter;
import org.directwebremoting.AjaxFilterChain;
import org.directwebremoting.ScriptBuffer;
import org.directwebremoting.ScriptSession;
import org.directwebremoting.WebContextFactory;
import org.directwebremoting.io.DwrConvertedException;

/**
 * {@link ScriptSession}s are timed out based on total user activity, which
 * includes reverse ajax calls. You may wish to timeout a ScriptSession while
 * the user is still on the page if they have no taken any actions in the last
 * 'n' seconds.
 * @author Joe Walker [joe at getahead dot ltd dot uk]
 */
public class ActionTimeoutAjaxFilter implements AjaxFilter
{
    /* (non-Javadoc)
     * @see org.directwebremoting.AjaxFilter#doFilter(java.lang.Object, java.lang.reflect.Method, java.lang.Object[], org.directwebremoting.AjaxFilterChain)
     */
    public Object doFilter(Object obj, Method method, Object[] params, AjaxFilterChain chain) throws Exception
    {
        ScriptSession session = WebContextFactory.get().getScriptSession();
        Long lastAccess = (Long) session.getAttribute(ATTRIBUTE_LAST_ACTION);

        // Free pass in if you've not done anything so far.
        if (lastAccess != null)
        {
            long now = System.currentTimeMillis();
            if (now > lastAccess + actionTimeoutMillis)
            {
                session.addScript(new ScriptBuffer(onTimeout));
                session.invalidate();
                throw new DwrConvertedException("Your session has timed out");
            }
        }

        Object reply = chain.doFilter(obj, method, params);

        session.setAttribute(ATTRIBUTE_LAST_ACTION, System.currentTimeMillis());

        return reply;
    }

    /**
     * The time after which we detect out of date ScriptSessions, and time
     * them out.
     */
    public void setActionTimeoutMillis(long actionTimeoutMillis)
    {
        this.actionTimeoutMillis = actionTimeoutMillis;
    }

    /**
     * @see #setActionTimeoutMillis(long)
     */
    private long actionTimeoutMillis;

    /**
     * What do we ask the browser to do when the timeout happens?
     */
    public void setOnTimeout(String onTimeout)
    {
        this.onTimeout = onTimeout;
    }

    /**
     * @see #setOnTimeout(String)
     */
    private String onTimeout = "window.setLocation('about:blank');";

    /**
     * The attribute under which we store the last action time.
     */
    private static final String ATTRIBUTE_LAST_ACTION = "org.directwebremoting.filter.ActionTimeoutAjaxFilter.lastActionTime";
}