SessionCreationForAnonymousUserFilter (Atlassian Bamboo 7.2.4 API)

java.lang.Object
- com.atlassian.bamboo.filter.SessionCreationForAnonymousUserFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class SessionCreationForAnonymousUserFilter
extends Object
implements javax.servlet.Filter
```
See BDEV-2966. Essentially we do not consciously create sessions for anonymous users. This causes REST requests to die (potentially a bug there). This filter is running just before sitemesh, because it used to be sitemesh that would create this session Logic in 4.4.5: Page Request -> SecurityFilter (null session doesn't die cause auth type != ANY) -> All other crap -> Sitemesh (created session and set jsession id) -> Back to user -> REST request comes in using new jsession id) -> Security Filter In 5.0 we upgraded sitemesh causing this to session creation to not happen and therefore a null session comes through with the REST request. This is not the correct fix, but the only one that is the least risky in the 5.0 timeframe. Note that we can not create the session prior to the security filter as this will screw up the login logic. todo revisit after 5.0

Since:

5.0

Constructor Summary

Constructors
Constructor and Description

SessionCreationForAnonymousUserFilter()

Constructors
Constructor and Description
`SessionCreationForAnonymousUserFilter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest rq, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- SessionCreationForAnonymousUserFilter
```
public SessionCreationForAnonymousUserFilter()
```

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest rq,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: IOException; javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

Class SessionCreationForAnonymousUserFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SessionCreationForAnonymousUserFilter

Method Detail

doFilter

init

destroy