SessionCreationForAnonymousUserFilter (Atlassian Bamboo 5.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.bamboo.filter
Class SessionCreationForAnonymousUserFilter

java.lang.Object
  com.atlassian.bamboo.filter.SessionCreationForAnonymousUserFilter

All Implemented Interfaces:: javax.servlet.Filter

public class SessionCreationForAnonymousUserFilter
extends java.lang.Object
implements javax.servlet.Filter
extends java.lang.Object
implements javax.servlet.Filter

See BDEV-2966. Essentially we do not consciously create sessions for anonymous users. This causes REST requests to die (potentially a bug there). This filter is running just before sitemesh, because it used to be sitemesh that would create this session Logic in 4.4.5: Page Request -> SecurityFilter (null session doesn't die cause auth type != ANY) -> All other crap -> Sitemesh (created session and set jsession id) -> Back to user -> REST request comes in using new jsession id) -> Security Filter In 5.0 we upgraded sitemesh causing this to session creation to not happen and therefore a null session comes through with the REST request. This is not the correct fix, but the only one that is the least risky in the 5.0 timeframe. Note that we can not create the session prior to the security filter as this will screw up the login logic. todo revisit after 5.0

Since:: 5.0

Constructor Summary
`SessionCreationForAnonymousUserFilter()`

Method Summary
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest rq, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail