001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    
018    package org.apache.activemq.web;
019    
020    import java.io.IOException;
021    import java.util.UUID;
022    
023    import javax.servlet.Filter;
024    import javax.servlet.FilterChain;
025    import javax.servlet.FilterConfig;
026    import javax.servlet.ServletException;
027    import javax.servlet.ServletRequest;
028    import javax.servlet.ServletResponse;
029    import javax.servlet.http.HttpServletRequest;
030    import javax.servlet.http.HttpSession;
031    
032    /* ------------------------------------------------------------ */
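/**
 * Servlet filter that guarantees every client has an HTTP session and stores
 * an anti-CSRF secret in it. Having a session in place up front also prevents
 * problems with AJAX requests.
 *
 * <p>For each request that passes through the filter, a session is created if
 * none exists and its {@code "secret"} attribute is overwritten with a newly
 * generated random UUID string. This class only issues the secret; comparing
 * it with a value submitted by the client is done elsewhere and is not visible
 * in this file.
 *
 * <p>NOTE(review): because the secret is replaced on every filtered request,
 * and before the rest of the chain runs, a value rendered into an earlier page
 * is superseded by any later request in the same session (second tab,
 * background AJAX call). Confirm against the validator and the filter's URL
 * mapping that the expected value is read at a point consistent with this
 * ordering.
 */
public class SessionFilter implements Filter {

    /** Session attribute under which the anti-CSRF secret is stored. */
    private static final String SECRET_ATTRIBUTE = "secret";

    /**
     * No configuration is read; the filter has no state to initialise.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Ensures a session exists, stores a fresh secret in it, then continues
     * the filter chain.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the response passed on unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException if the request is not an HTTP request, or
     *                          propagated from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // Fail closed with a declared exception rather than an unchecked
        // ClassCastException: without an HTTP session there is nowhere to keep
        // the secret, so the request must not proceed down the chain.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("SessionFilter supports HTTP requests only");
        }

        // getSession(true) creates the session when the client has none yet.
        HttpSession session = ((HttpServletRequest) request).getSession(true);

        // set secret to prevent CSRF attacks
        // UUID.randomUUID() yields a type 4 UUID, which java.util.UUID
        // documents as generated by a cryptographically strong PRNG.
        session.setAttribute(SECRET_ATTRIBUTE, UUID.randomUUID().toString());

        chain.doFilter(request, response);
    }

    /** Nothing to release; the filter holds no resources. */
    public void destroy() {
    }

}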