com.ibm.portal.auth
Interface SessionValidationFilter

All Superinterfaces:

SecurityFilter

public interface SessionValidationFilter
extends SecurityFilter

This interface can be implemented to realize a custom element in the filter chain for session validation in Portal. The session validation method is called once for every request before actions are executed and the page is rendered. It can thus be used to perform particular checks based on request or session information, and e.g. trigger a redirect if a check fails. The session validation method can be used to add additional logic before or after calling the next session validation filter chain element by invoking the session validation method on the SessionValidationFilterChain passed in as the last argument. The order of the session validation filter elements is defined by the sessionvalidation.filterchain property in the Portal Authentication Service.

Each session validation filter is instantiated as a singleton, so the implementor must make sure that the validateSession(HttpServletRequest, HttpServletResponse, FilterChainContext, SessionValidationFilterChain) method is thread-safe. The SecurityFilter.init(SecurityFilterConfig) method is called once during Portal startup and gets the values of all properties of the Portal Authentication Service that start with filterchain.properties.<fully qualified classname of the implementing class> passed in with the SecurityFilterConfig object. The SecurityFilter.destroy() method is called once when Portal is shut down. NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme. The API can not be invoked directly by a custom servlet.

Since:

6.1

Method Summary

void	validateSession(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, FilterChainContext portalSessionValidationContext, SessionValidationFilterChain chain) Can be used to implement custom session validation code.

Methods inherited from interface com.ibm.portal.security.SecurityFilter

destroy, init

Method Detail

validateSession

void validateSession(javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse resp,
                     FilterChainContext portalSessionValidationContext,
                     SessionValidationFilterChain chain)
                     throws SessionValidationException

Can be used to implement custom session validation code. The implementation should call the corresponding session validation method on the next element in the session validation chain by invoking the validateSession method on the last argument passed in.

Parameters:

req - The servlet request.

resp - The servlet response. The implementor must not send a redirect on this object, but use the FilterChainContext object passed in as an argument to set a redirect target to be executed after the filter chain has been processed.

portalSessionValidationContext - A FilterChainContext object that can be used to share information between the session validation filter implementations.

chain - The reference to the session validation filter chain that has to be used to call the session validation method of the next session validation filter chain element.

Throws:

SessionValidationException - This generic exception is thrown for all kinds of exceptions that can occur during the session validation process.