java session 修改_修改 Servlet 的sessionId
默认情况在Servlet的sessionId是通过浏览器的Cookie来得到了,现在想从http://localhost:8080/test?jsessionid=ffffxxxxwwwwwww这种方式来得到jsessionId如果url中有就以url中的jsessionId为主,如果没有则取Cookie中的JSESSIONID,但在Servlet中并没有直接可以重新设置JSESSIONID的地方,跟踪代码后发现在可以通过反射的方式来修改jsessionid,这里给出相关代码
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.servlet4preview.http.HttpServletRequestWrapper;
import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils;
@WebFilter(urlPatterns = "/*", filterName = "sessionFilter")
public class SessionFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
String jsessionid = request.getParameter("jsessionid");
if(!StringUtils.isEmpty(jsessionid)) {
Field field = ReflectionUtils.findField(request.getClass(), "request");
if(field != null) {
field.setAccessible(true);
Object tomcatReq = ReflectionUtils.getField(field, request);
field.setAccessible(false);
if(tomcatReq != null) {
Method setRequestedSessionId = ReflectionUtils.findMethod(tomcatReq.getClass(), "setRequestedSessionId", String.class);
if(setRequestedSessionId != null) {
ReflectionUtils.invokeMethod(setRequestedSessionId, tomcatReq, jsessionid);
}
}
}
}
HttpServletRequestWrapper req = new HttpServletRequestWrapper((HttpServletRequest) request) {
@Override
public Cookie[] getCookies() {
Cookie[] cookies = super.getCookies();
if(StringUtils.isEmpty(jsessionid) || Objects.isNull(cookies)) {
return cookies;
}
List newCookies = new ArrayList<>();
newCookies.add(new Cookie("JSESSIONID", jsessionid));
for (int i = 0; i< cookies.length; i++) {
Cookie cookie = cookies[i];
if(!"JSESSIONID".equalsIgnoreCase(cookie.getName())){
newCookies.add(cookie);
}
}
return newCookies.toArray(new Cookie[] {});
}
};
chain.doFilter(req, response);
}
@Override
public void destroy() {
}
}