7 Replies Latest reply on Dec 13, 2011 8:02 AM by Trevor Sweeney

    Removing JSession id from url and links

    Trevor Sweeney Newbie

      I am trying to remove the jsession id from the url and links in much the same fashion as in seam 2, here is the example servlet from seam 2




      @Startup
      @Scope(ScopeType.APPLICATION)
      @Name("sessionIdFilter")
      @BypassInterceptors
      @Filter(around ="org.jboss.seam.web.ajax4jsfFilter")
      public class SessionIdFilter extends AbstractFilter {
      
          public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                  throws IOException, ServletException {
      
              if (!(req instanceof HttpServletRequest)) {
                  chain.doFilter(req, res);
                  return;
              }
      
              HttpServletRequest request = (HttpServletRequest) req;
              HttpServletResponse response = (HttpServletResponse) res;
      
              // Redirect requests with JSESSIONID in URL to clean version (old links 
              // bookmarked/stored by bots). This is ONLY triggered if the request did 
              // not also contain a JSESSIONID cookie! Which should be fine for bots...
              if (request.isRequestedSessionIdFromURL()) {
                  String url = request.getRequestURL()
                               .append(request.getQueryString() != null ? "?"+request.getQueryString() : "")
                               .toString();
                  // TODO: The url is clean, at least in Tomcat, which strips out 
                  // the JSESSIONID path parameter automatically (Jetty does not?!)
                  response.setHeader("Location", url);
                  response.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY);
                  return;
              }
      
              // Prevent rendering of JSESSIONID in URLs for all outgoing links
              HttpServletResponseWrapper wrappedResponse =
                  new HttpServletResponseWrapper(response) {
                      @Override
                      public String encodeRedirectUrl(String url) {
                          return url;
                      }
      
                      @Override
                      public String encodeRedirectURL(String url) {
                          return url;
                      }
      
                      @Override
                      public String encodeUrl(String url) {
                          return url;
                      }
      
                      @Override
                      public String encodeURL(String url) {
                          return url;
                      }
                  };
              chain.doFilter(req, wrappedResponse);
      
          }
      }




      In seam 3 i have converted this filter to observe the HttpServletRequestContext for @PATH("") and @Initialized


      The first half of the above servlet is an easy conversion as I can grab the request and redirect if needed.  The second and most useful half is where I am stumped.  I cant find any way to override the response object to no op the 4 encodeurl methods. 


      Has anyone found a solution to this yet? any suggestions?