com.atlassian.jira.web.filters.accesslog
Class AtlassianSessionIdUtil

java.lang.Object
  extended by com.atlassian.jira.web.filters.accesslog.AtlassianSessionIdUtil

public class AtlassianSessionIdUtil
extends Object

You can use this to generate a hash of the JSESSIONID so we can get session specific information into logs without giving away the keys to the house!

Since:
v3.13.2

Field Summary
static String ASESSIONID_NAME
           
static String JSESSIONID_NAME
           
 
Constructor Summary
AtlassianSessionIdUtil()
           
 
Method Summary
static String generateASESSIONID(String sessionId)
          This will generate a hashed version of the passed in HttpSession sessionId

It will be returned in the form digestEncodedValue-hexEncodedValue

static String generateAtlassianSessionHash(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)
          This will look for an existing HTTP session and if its present, it will generate a ASESSIONID base on a hash of the session's id.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ASESSIONID_NAME

public static final String ASESSIONID_NAME
See Also:
Constant Field Values

JSESSIONID_NAME

public static final String JSESSIONID_NAME
See Also:
Constant Field Values
Constructor Detail

AtlassianSessionIdUtil

public AtlassianSessionIdUtil()
Method Detail

generateAtlassianSessionHash

public static String generateAtlassianSessionHash(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                  javax.servlet.http.HttpServletResponse httpServletResponse)
This will look for an existing HTTP session and if its present, it will generate a ASESSIONID base on a hash of the session's id.

It will check in the session for such a beast, and hence only calculate it once and its lifecycle is therefore properly tied to the session itself.

We can then safely put this ASESSIONID in the logs and let someone upstream, say in a proxy, examine it.

CALLING NOTES - This method MUST be invoked before any content output is sent to the client. It sets cookies etc. and hence it needs the response to be be in a suitable state. It is expected that this method will be called early on in say a filter.

Parameters:
httpServletRequest - the HTTP request
httpServletResponse - the HTTP response
Returns:
the atlassian session id hash or null if there is no session (it does not exist) or if the hash of the session id cannot be generated (e.g. if the sessions id is null, which should not happen)

generateASESSIONID

public static String generateASESSIONID(String sessionId)
This will generate a hashed version of the passed in HttpSession sessionId

It will be returned in the form digestEncodedValue-hexEncodedValue

Parameters:
sessionId - the session id string
Returns:
a hashed version of that session string or null if the input is null


Copyright © 2002-2013 Atlassian. All Rights Reserved.