Package org.adempiere.webui.session
Class SessionFingerprintFilter
java.lang.Object
org.adempiere.webui.session.SessionFingerprintFilter
- All Implemented Interfaces:
javax.servlet.Filter
Servlet filter to validate session fingerprint on each request.
This filter helps protect against session fixation and session hijacking attacks
by validating that client characteristics (IP, User-Agent) match what was stored
at login time.
When a fingerprint mismatch is detected, the session is invalidated and the user
is redirected to the login page.
-
Constructor Summary
Constructors -
Method Summary
-
Constructor Details
-
SessionFingerprintFilter
public SessionFingerprintFilter()
-
-
Method Details
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException - Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
IOExceptionjavax.servlet.ServletException
-
destroy
public void destroy()- Specified by:
destroyin interfacejavax.servlet.Filter
-