본문 바로가기
Web Development/Spring

[Spring]http->https 이동간 세션 복사

by 피치피치어피치 2017. 10. 31.
반응형

https에서 http로 넘어갈때 세션이 매번 끊기진 않았지만 간혈적으로 끊겼고 특정 브라우저에서도 끊긴다고 한다.

http와https통신때 세션이 끊기지 않도록 하기위해 HttpsFilter를 만들어서 세션을 복사하는 필터를 걸어줬다.

 

우선 web.xml에 필터를 등록해준다.

 

web.xml

    
<filter>
   <filter-name>https</filter-name>
   <filter-class>HttpsFilter 패키지 경로.클래스명</filter-class>
</filter>
<filter-mapping>
   <filter-name>https</filter-name>
   <url-pattern>*.do</url-pattern>
</filter-mapping>

HttpsFilter 클래스와 HttpsRequestWrapper 클래스 추가

HttpsRequestWrapper.java

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class HttpsRequestWrapper extends HttpServletRequestWrapper{
   private HttpServletResponse reponse = null;

   public HttpsRequestWrapper(HttpServletRequest request){

      super(request);
   
   }
   
   public void setResponse(HttpServletResponse response){

      this.response = response;

   }
   
   @Override
   public HttpSession getSession(){
      
      HttpSession session = super.getSession();
   
      processSessionCookie(session);

      return session;
   }

   @Override
   public HttpSession getSession(boolean create){

      HttpSession session = super.getSession(create);
   
      processSessionCookie(session);

      return session;
   }

   private void processSessionCookie(HttpSession session){

      if(session == null || response == null){

         return;
      }

   Object cookieOverWritten = getAttribute("COOKIE_OVERWRITTEN_FLAG");

   if(cookieOverWritten == null && isSecure() && isRequestedSessionIdFromCookie() && session.isNew()){

      Cookie cookie = new Cookie("JSESSIONID",session.getId());

      cookie.setMaxAge(-1);

      String contextPath = getContextPath();

      if(contextPath != null && contextPath.length() > 0){
         
         cookie.setPath(contextPath);

       }else{

         cookie.setPath("/");

       }  
      
      response.addCookie(cookie);
      
      setAttribute("COOKIE_OVERWRITTEN_FLAG","true");
   }

   }

}

HttpsFilter.java

import java.io.IOExcetpion;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HttpsFilter implements Filter{

   public HttpsFilter(){}

   @Override
   public void destroy(){}

   @Override
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException{
   
      HttpsRequestWrapper httpsRequest = new HttpsRequestWrapper((HttpServletRequest)request);

      httpsRequest.setResponse((HttpServletResponse)response);

      chain.doFilter(httpRequest,response);
   }

   @Override
   public void init(FilterConfig filterConfig) throws ServletException{}
}
반응형