8

I will need to implement my own version of HttpSession in Java. I have found very little information which explains how achieve such a feat.

I guess my problem is - how do I override the existing HttpSession no matter the application server's implementation?

I did run across a quality but rather old read which helps me achieve my goal - http://java.sun.com/developer/technicalArticles/Servlets/ServletControl/

Are there any other approaches?

plymouth5
  • 89
  • 1
  • 1
  • 2
  • 6
    AFAIK, this is not possible. The JEE spec doesn't mandate that the HttpSession implementation is replaceable. But the main question is: why do you want to do this? – JB Nizet Aug 20 '11 at 22:29
  • not sure if you need to know how to implement it, but check this http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Session-Tracking.html –  Aug 20 '11 at 22:41
  • What exactly do you need to do that you think you need to implement HttpSession? – CrackerJack9 Aug 21 '11 at 15:05

3 Answers3

8

Its two ways.

"Wrapping" the original HttpSession in your own HttpServletRequestWrapper implementation.

I made this a short time ago for clustering distributed sessions with Hazelcast and Spring Session.

Here is explained pretty well.

First, implement your own HttpServletRequestWrapper

public class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper {

        public SessionRepositoryRequestWrapper(HttpServletRequest original) {
                super(original);
        }

        public HttpSession getSession() {
                return getSession(true);
        }

        public HttpSession getSession(boolean createNew) {
                // create an HttpSession implementation from Spring Session
        }

        // ... other methods delegate to the original HttpServletRequest ...
}

After, from your own Filter, wraps the original HttpSession, and put it inside the FilterChain provided by your Servlet Container.

public class SessionRepositoryFilter implements Filter {

        public doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
                HttpServletRequest httpRequest = (HttpServletRequest) request;
                SessionRepositoryRequestWrapper customRequest =
                        new SessionRepositoryRequestWrapper(httpRequest);

                chain.doFilter(customRequest, response, chain);
        }

        // ...
}

Finally, set your Filter at the beginning in the web.xml to ensure it performs before any other.

The second manner to achieve it is providing to your Servlet Container your custom SessionManager.

For example, in Tomcat 7.

Dani
  • 4,001
  • 7
  • 36
  • 60
5

Create a new class, and implement HttpSession:

public class MyHttpSession implements javax.servlet.http.HttpSession {

    // and implement all the methods

}

Disclaimer: I have not tested this myself:

Then write a filter with a url-pattern of /* and extend HttpServletRequestWrapper. Your wrapper should return your custom HttpSession class in getSession(boolean). In the filter, use your own HttpServletRequestWrapper.

CrackerJack9
  • 3,650
  • 1
  • 27
  • 48
1

It doesn't seem like it's easily doable in a portable fashion that would work among different containers, since the HttpSession implementation is provided by the J2EE container.

However, to achieve a similar result, you can implement a javax.servlet.Filter and javax.servlet.HttpSessionListener and in your filter, wrap the ServletRequest and ServletResponse, such as described in Spring Boot with Hazelcast and Tomcat.

Community
  • 1
  • 1
gx0r
  • 4,682
  • 2
  • 23
  • 24