use of spark.Session in project vertigo by KleeGroup.
the class SessionWebServiceHandlerPlugin method handle.
/**
* {@inheritDoc}
*/
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
// obtain session (create if needed)
final Session session = request.session(true);
final UserSession user = obtainUserSession(session);
try {
// Bind userSession to SecurityManager
securityManager.startCurrentUserSession(user);
return chain.handle(request, response, routeContext);
} catch (final VSecurityException e) {
if (session.isNew()) {
// If a new session is badly use, we invalid it (light protection against DDOS)
session.invalidate();
// If session was just created, we translate securityException as a Session expiration.
throw (SessionException) new SessionException("Session has expired").initCause(e);
}
throw e;
} finally {
// Unbind userSession to SecurityManager
securityManager.stopCurrentUserSession();
}
}
Aggregations