com.ibm.portal.auth
Interface SessionValidationFilter
- All Superinterfaces:
- SecurityFilter
-
public interface SessionValidationFilter
- extends SecurityFilter
This interface can be implemented to realize a custom element in the filter chain for session validation in Portal.
The session validation method is called once for every request before actions are executed
and the page is rendered. It can thus be used to perform particular checks based on request
or session information, and e.g. trigger a redirect if a check fails.
The session validation method can be used to add additional logic before or after calling the next
session validation filter chain element by invoking the session validation method on the SessionValidationFilterChain
passed in as the last argument.
The order of the session validation filter elements is defined by the sessionvalidation.filterchain
property in the Portal Authentication Service.
Each session validation filter is instantiated as a singleton, so the implementor must make sure that
the validateSession(HttpServletRequest, HttpServletResponse, FilterChainContext, SessionValidationFilterChain)
method is thread-safe. The SecurityFilter.init(SecurityFilterConfig) method is called once during Portal startup and gets the
values of all properties of the Portal Authentication Service that start with
filterchain.properties.<fully qualified classname of the implementing class> passed in with the
SecurityFilterConfig object. The SecurityFilter.destroy() method is called once when Portal is shut down.
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
- Since:
- 6.1
validateSession
void validateSession(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalSessionValidationContext,
SessionValidationFilterChain chain)
throws SessionValidationException
- Can be used to implement custom session validation code. The implementation should call the corresponding
session validation method on the next element in the session validation chain by invoking the validateSession method on the last
argument passed in.
- Parameters:
- req - The servlet request.
- resp - The servlet response. The implementor must not send a redirect
on this object, but use the FilterChainContext object passed in as
an argument to set a redirect target to be executed after the filter chain
has been processed.
- portalSessionValidationContext - A FilterChainContext object that can be used to share information between the session validation filter
implementations.
- chain - The reference to the session validation filter chain that has to be used to call the session validation method
of the next session validation filter chain element.
- Throws:
- SessionValidationException - This generic exception is thrown for all
kinds of exceptions that can occur during the session validation process.