authorGreg Wilkins2010-09-28 04:28:38 +0000
committerGreg Wilkins2010-09-28 04:28:38 +0000
commit25446eb2216f146caefdcb0fbae7617dd7c5c6cf (patch)
treeec50f6bb6d3c4caae42fe463188369dcd882bafd
parent0f292471904834e4c51b89a533b97a880df67670 (diff)
JETTY-1281 Create new session after authentication
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2304 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r--VERSION.txt1
-rw-r--r--jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java2
-rw-r--r--jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java4
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java10
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java23
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java23
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java44
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java12
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java6
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/handler/HandlerWrapper.java18
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java29
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java4
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/session/HashSessionManager.java51
-rw-r--r--jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java5
19 files changed, 185 insertions, 68 deletions
diff --git a/VERSION.txt b/VERSION.txt
index a88dbf5d50..a9f5a0b1dc 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -51,6 +51,7 @@ jetty-7.2-SNAPSHOT
+ JETTY-1269 Improve log multithreadedness
+ JETTY-1270 Websocket closed endp protection
+ JETTY-1271 handled unavailable exception
+ + JETTY-1281 Create new session after authentication
+ JETTY-1297 Make jetty-plus.xml enable plus features for all webapps by default
+ Fix jetty-plus.xml for new configuration names
+ Added ignore to Logger interface
diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
index 70764bd872..df91394e72 100644
--- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
+++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java
@@ -67,7 +67,7 @@ public class JaspiAuthenticator implements Authenticator
}
- public void setConfiguration(Configuration configuration)
+ public void setConfiguration(AuthConfiguration configuration)
{
}
diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java
index 2ad57dd6a6..410ffc23eb 100644
--- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java
+++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticatorFactory.java
@@ -31,7 +31,7 @@ import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.DefaultAuthenticatorFactory;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
-import org.eclipse.jetty.security.Authenticator.Configuration;
+import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.log.Log;
@@ -80,7 +80,7 @@ public class JaspiAuthenticatorFactory extends DefaultAuthenticatorFactory
}
/* ------------------------------------------------------------ */
- public Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService)
+ public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
{
Authenticator authenticator=null;
try
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
index 0852bf5f9b..ef18620371 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
@@ -22,6 +22,7 @@ import javax.servlet.ServletResponse;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.Authentication.User;
+import org.eclipse.jetty.server.SessionManager;
/**
* Authenticator Interface
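Review bot: The `import org.eclipse.jetty.server.SessionManager;` added here is not referenced by anything else this commit adds to `Authenticator`, and the same import is added without a visible use in `ConstraintSecurityHandler` and `LoginAuthenticator`. The import hunks in `SessionManager` (`HttpServletResponse`), `HandlerWrapper` (`LazyList`) and `AbstractSessionManager` (`HashMap`, `HttpServletResponse`, `HttpConnection`, `Request`) look the same in the lines shown. If these are leftovers from an earlier approach, dropping them keeps the diff to the change that matters. Parts of those files are outside the hunks, so confirm against the full sources first.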
@@ -40,7 +41,7 @@ public interface Authenticator
* Configure the Authenticator
* @param configuration
*/
- void setConfiguration(Configuration configuration);
+ void setConfiguration(AuthConfiguration configuration);
/* ------------------------------------------------------------ */
/**
@@ -80,7 +81,7 @@ public interface Authenticator
/**
* Authenticator Configuration
*/
- interface Configuration
+ interface AuthConfiguration
{
String getAuthMethod();
String getRealmName();
@@ -88,16 +89,17 @@ public interface Authenticator
Set<String> getInitParameterNames();
LoginService getLoginService();
IdentityService getIdentityService();
+ boolean isSessionRenewedOnAuthentication();
}
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/**
- * Authenticator Facotory
+ * Authenticator Factory
*/
interface Factory
{
- Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService);
+ Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService);
}
}
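Review bot: `isSessionRenewedOnAuthentication()` is added to `AuthConfiguration` with no Javadoc, although it is the switch that decides whether a session id survives login. I would document it on the interface, for example `/** @return true if an existing session is invalidated and replaced with a new one when the request is first authenticated */`. Adding a method to this interface and renaming it from `Configuration` also breaks source compatibility for any external implementation of `Authenticator` or of its configuration, which deserves a line in the release notes next to the JETTY-1281 entry.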
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index 2526b19d0d..bd783ce1f0 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -29,7 +29,10 @@ import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.SessionManager;
import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.util.StringMap;
/* ------------------------------------------------------------ */
@@ -45,6 +48,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
private final Set<String> _roles = new CopyOnWriteArraySet<String>();
private final PathMap _constraintMap = new PathMap();
private boolean _strict = true;
+ private SessionHandler _sessionHandler;
/* ------------------------------------------------------------ */
@@ -93,13 +97,6 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
}
/* ------------------------------------------------------------ */
- @Deprecated
- public void setConstraintMappings(ConstraintMapping[] constraintMappings)
- {
- setConstraintMappings(Arrays.asList(constraintMappings),null);
- }
-
- /* ------------------------------------------------------------ */
/**
* Process the constraints following the combining rules in Servlet 3.0 EA
* spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
@@ -112,14 +109,6 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{
setConstraintMappings(constraintMappings,null);
}
-
-
- /* ------------------------------------------------------------ */
- @Deprecated
- public void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles)
- {
- setConstraintMappings(Arrays.asList(constraintMappings),roles);
- }
/* ------------------------------------------------------------ */
/**
@@ -226,6 +215,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
processContraintMapping(mapping);
}
}
+
+ if (ContextHandler.getCurrentContext()!=null)
+ _sessionHandler = ContextHandler.getCurrentContext().getContextHandler().getNestedHandlerByClass(SessionHandler.class);
+
super.doStart();
}
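Review bot: `_sessionHandler` is assigned in `doStart()` but nothing in the hunks shown for this class reads it, so the lookup appears to be dead state. If a later change needs it, add a comment saying what it is for; otherwise remove the field and the `SessionHandler` and `ContextHandler` imports that exist only for it. `ContextHandler.getCurrentContext()` is also called twice in the added lines, and holding the result in a local would avoid the repeated call. `doStart()` begins outside this hunk.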
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
index bec4b347c1..3f3d12b83e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
@@ -16,7 +16,7 @@ package org.eclipse.jetty.security;
import javax.servlet.ServletContext;
import org.eclipse.jetty.http.security.Constraint;
-import org.eclipse.jetty.security.Authenticator.Configuration;
+import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
@@ -26,7 +26,7 @@ import org.eclipse.jetty.server.Server;
/* ------------------------------------------------------------ */
/**
* The Default Authenticator Factory.
- * Uses the {@link Configuration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
+ * Uses the {@link AuthConfiguration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
* <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li>
* <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li>
@@ -48,7 +48,7 @@ public class DefaultAuthenticatorFactory implements Authenticator.Factory
{
LoginService _loginService;
- public Authenticator getAuthenticator(Server server, ServletContext context, Configuration configuration, IdentityService identityService, LoginService loginService)
+ public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
{
String auth=configuration.getAuthMethod();
Authenticator authenticator=null;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 0d78853666..1817419032 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -50,7 +50,7 @@ import org.eclipse.jetty.util.log.Log;
* values in the SecurityHandler init parameters, are copied.
*
*/
-public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.Configuration
+public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
{
/* ------------------------------------------------------------ */
private boolean _checkWelcomeFiles = false;
@@ -62,6 +62,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
private LoginService _loginService;
private boolean _loginServiceShared;
private IdentityService _identityService;
+ private boolean _renewSession=true;
/* ------------------------------------------------------------ */
protected SecurityHandler()
@@ -373,6 +374,26 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
/* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
+ */
+ public boolean isSessionRenewedOnAuthentication()
+ {
+ return _renewSession;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set renew the session on Authentication.
+ * <p>
+ * If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
+ * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
+ */
+ public void setSessionRenewedOnAuthentication(boolean renew)
+ {
+ _renewSession=renew;
+ }
+
+ /* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
* javax.servlet.http.HttpServletRequest,
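Review bot: The Javadoc on `setSessionRenewedOnAuthentication` does not say when the flag is read. `LoginAuthenticator.setConfiguration` copies `isSessionRenewedOnAuthentication()` into its own field, so a call made after the authenticator has been configured has no effect on it. I would add a sentence such as `Must be set before the authenticator is configured; the value is read once in setConfiguration.` together with a `@param renew` line, and fix the typo `reqeuest` to `request`. The comment should also state that the default is `true` and that turning it off leaves the pre-login session id in use after authentication.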
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
index 5499923414..1b01db44a2 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
@@ -76,7 +76,10 @@ public class BasicAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,password);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
}
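Review bot: The new call has no comment explaining why an authenticator that validates credentials on each request renews a session, and the same three-line change in `ClientCertAuthenticator` and `DigestAuthenticator` is equally bare. A reader will wonder whether the session is replaced on every request; a short comment such as `// no-op unless a session already exists and has not yet been marked as secured` would answer that. The returned session is discarded here, which is fine as long as nothing later in the method holds the old `HttpSession` reference. The method body continues outside the hunk.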
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
index f40b7e66e8..a754209b74 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
@@ -75,7 +75,10 @@ public class ClientCertAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,credential);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index 9768b411c0..ad5295f538 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
@@ -127,7 +127,10 @@ public class DigestAuthenticator extends LoginAuthenticator
{
UserIdentity user = _loginService.login(digest.username,digest);
if (user!=null)
+ {
+ renewSessionOnAuthentication(request,response);
return new UserAuthentication(this,user);
+ }
}
else if (n == 0)
stale = true;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index c546d40f7d..8edd0cafa2 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -93,10 +93,10 @@ public class FormAuthenticator extends LoginAuthenticator
/* ------------------------------------------------------------ */
/**
- * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.Configuration)
+ * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
*/
@Override
- public void setConfiguration(Configuration configuration)
+ public void setConfiguration(AuthConfiguration configuration)
{
super.setConfiguration(configuration);
String login=configuration.getInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE);
@@ -181,6 +181,8 @@ public class FormAuthenticator extends LoginAuthenticator
UserIdentity user = _loginService.login(username,password);
if (user!=null)
{
+ session=renewSessionOnAuthentication(request,response);
+
// Redirect to original request
String nuri;
synchronized(session)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index cf339d02cc..6e48881d30 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -13,21 +13,31 @@
package org.eclipse.jetty.security.authentication;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.SessionManager;
public abstract class LoginAuthenticator implements Authenticator
{
protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
protected LoginService _loginService;
protected IdentityService _identityService;
+ private boolean _renewSession;
protected LoginAuthenticator()
{
}
- public void setConfiguration(Configuration configuration)
+ public void setConfiguration(AuthConfiguration configuration)
{
_loginService=configuration.getLoginService();
if (_loginService==null)
@@ -35,10 +45,42 @@ public abstract class LoginAuthenticator implements Authenticator
_identityService=configuration.getIdentityService();
if (_identityService==null)
throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
+ _renewSession=configuration.isSessionRenewedOnAuthentication();
}
public LoginService getLoginService()
{
return _loginService;
}
+
+ /* ------------------------------------------------------------ */
+ /** Change the session when the request is authenticated for the first time
+ * @param request
+ * @param response
+ * @return The new session.
+ */
+ protected HttpSession renewSessionOnAuthentication(HttpServletRequest request, HttpServletResponse response)
+ {
+ HttpSession httpSession = request.getSession(false);
+ if (_renewSession && httpSession!=null && httpSession.getAttribute("org.eclipse.jetty.security.secured")==null)
+ {
+ synchronized (this)
+ {
+ Map<String,Object> attributes = new HashMap<String, Object>();
+ for (Enumeration<String> e=httpSession.getAttributeNames();e.hasMoreElements();)
+ {
+ String name=e.nextElement();
+ attributes.put(name,httpSession.getAttribute(name));
+ httpSession.removeAttribute(name);
+ }
+ httpSession.invalidate();
+ httpSession = request.getSession(true);
+ httpSession.setAttribute("org.eclipse.jetty.security.secured",Boolean.TRUE);
+ for (Map.Entry<String, Object> entry: attributes.entrySet())
+ httpSession.setAttribute(entry.getKey(),entry.getValue());
+ }
+ }
+
+ return httpSession;
+ }
}
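Review bot: The marker check in `renewSessionOnAuthentication` runs before the lock is taken, and the lock is on the authenticator (`synchronized (this)`), so every login in the context is serialised while two requests that arrive with the same pre-login session can both pass the check. The second then calls `getAttributeNames()` on a session the first has already invalidated, which the servlet API reports with `IllegalStateException`. I would use `synchronized (httpSession)` instead, test the marker inside the block, and treat an already-invalidated session by re-reading `request.getSession(false)`. The literal `"org.eclipse.jetty.security.secured"` appears twice and should be one `static final String` constant, and the `response` parameter is unused. The Javadoc should also say that every attribute of the old session is copied into the new one, so renewal changes the session id but does not discard state that was placed in the session before login.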
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index 2393c26d6e..5d27812eb2 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -41,6 +41,7 @@ import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.log.Log;
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -268,6 +269,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
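Review bot: The tests re-read `JSESSIONID` after login but never assert that it differs from the id used before login, so the property this commit exists for is only checked indirectly (the `substring` call would throw if no new cookie were set). I would keep the old value and assert on it, e.g. `String before = session;` ahead of the extraction and `assertFalse(before.equals(session));` after it. The same extraction line is pasted into nine more hunks of this file; a small helper that pulls the id out of a response would remove the repeated `+ 11` offset arithmetic. A test that calls `setSessionRenewedOnAuthentication(false)` would cover the other branch. The enclosing test method starts and ends outside this hunk.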
@@ -324,6 +326,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
@@ -384,6 +387,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
// sneak in other request
response = _connector.getResponses("GET /ctx/auth/other HTTP/1.0\r\n" +
@@ -447,6 +451,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info;jsessionid="+session+";other HTTP/1.0\r\n" +
"\r\n");
@@ -562,6 +567,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
@@ -592,6 +598,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
@@ -621,6 +628,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
@@ -670,6 +678,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
@@ -700,6 +709,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
@@ -730,7 +740,7 @@ public class ConstraintTest
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
-
+ session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
index bdd9fe5d60..02c8799d13 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
@@ -17,6 +17,7 @@ import java.util.EventListener;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.http.HttpCookie;
@@ -29,6 +30,10 @@ import org.eclipse.jetty.util.component.LifeCycle;
* The API required to manage sessions for a servlet context.
*
*/
+
+/* ------------------------------------------------------------ */
+/**
+ */
public interface SessionManager extends LifeCycle
{
/* ------------------------------------------------------------ */
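Review bot: The empty `/** */` block added directly above `public interface SessionManager` becomes the comment the Javadoc tool attaches to the interface, because only the doc comment immediately preceding a declaration is used. The existing description ending in `The API required to manage sessions for a servlet context.` is then detached, and the generated documentation for the interface would be empty. I would drop the four added lines (blank line, separator, `/**`, `*/`). The start of the original comment is outside this hunk, so this assumes it opens with `/**`.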
@@ -336,4 +341,5 @@ public interface SessionManager extends LifeCycle
* @param remote True if absolute URLs are check for remoteness before being session encoded.
*/
public void setCheckingRemoteSessionIdEncoding(boolean remote);
+
}
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/HandlerWrapper.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/HandlerWrapper.java
index d68ce6b020..828069a361 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/HandlerWrapper.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/HandlerWrapper.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.LazyList;
import org.eclipse.jetty.util.component.LifeCycle;
/* ------------------------------------------------------------ */
@@ -144,5 +145,22 @@ public class HandlerWrapper extends AbstractHandlerContainer
return expandHandler(_handler,list,byClass);
}
+ /* ------------------------------------------------------------ */
+ public <H extends Handler> H getNestedHandlerByClass(Class<H> byclass)
+ {
+ HandlerWrapper h=this;
+ while (h!=null)
+ {
+ if (byclass.isInstance(h))
+ return (H)h;
+ Handler w = h.getHandler();
+ if (w instanceof HandlerWrapper)
+ h=(HandlerWrapper)w;
+ else break;
+ }
+ return null;
+
+ }
+
}
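Review bot: `getNestedHandlerByClass` has no Javadoc and its search is narrower than the name suggests: it follows only a chain of `HandlerWrapper`s and stops at the first handler that is not one, so a handler of the requested class that is a leaf or sits below a non-wrapper container is reported as absent (`null`). That matters for the caller added in `ConstraintSecurityHandler.doStart()`, which would silently end up with no `SessionHandler`. I would document the chain-only behaviour and the `null` return, and replace the unchecked cast `return (H)h;` with `return byclass.cast(h);` to avoid the compiler warning. The `while (h!=null)` condition never becomes false inside the loop, since `h` is only reassigned after a successful `instanceof` test.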
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
index c8976176ca..709d978654 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
@@ -90,20 +90,23 @@ public abstract class AbstractSessionIdManager extends AbstractLifeCycle impleme
{
synchronized (this)
{
- // A requested session ID can only be used if it is in use already.
- String requested_id=request.getRequestedSessionId();
- if (requested_id!=null)
+ if (request!=null)
{
- String cluster_id=getClusterId(requested_id);
- if (idInUse(cluster_id))
- return cluster_id;
- }
-
- // Else reuse any new session ID already defined for this request.
- String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
- if (new_id!=null&&idInUse(new_id))
- return new_id;
+ // A requested session ID can only be used if it is in use already.
+ String requested_id=request.getRequestedSessionId();
+ if (requested_id!=null)
+ {
+ String cluster_id=getClusterId(requested_id);
+ if (idInUse(cluster_id))
+ return cluster_id;
+ }
+ // Else reuse any new session ID already defined for this request.
+ String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
+ if (new_id!=null&&idInUse(new_id))
+ return new_id;
+ }
+
// pick a new unique ID!
String id=null;
while (id==null||id.length()==0||idInUse(id))
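Review bot: The new `if (request!=null)` guard changes the contract of this method to accept a null request, but nothing in the hunk documents that, and no caller passing null is visible in this commit. Please add a sentence to the method's Javadoc, for example `@param request the request the id is being created for, or null to always generate a fresh id`, so implementers of other id managers know to tolerate null as well. With a null request the method skips both reuse paths and goes straight to generating a new id, which is presumably what a session-renewal caller wants. The method signature and the rest of the id generation loop lie outside this hunk.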
@@ -167,4 +170,6 @@ public abstract class AbstractSessionIdManager extends AbstractLifeCycle impleme
}
_random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
}
+
+
}
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
index a877c4e5a9..dc0db866b2 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
@@ -20,12 +20,14 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.EventListener;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionAttributeListener;
@@ -36,6 +38,8 @@ import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.http.HttpCookie;
+import org.eclipse.jetty.server.HttpConnection;
+import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.SessionIdManager;
import org.eclipse.jetty.server.SessionManager;
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/HashSessionManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/HashSessionManager.java
index 2c7d2feb33..804acfe08c 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/HashSessionManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/HashSessionManager.java
@@ -51,7 +51,7 @@ public class HashSessionManager extends AbstractSessionManager
private int _scavengePeriodMs=30000;
private int _savePeriodMs=0; //don't do period saves by default
private TimerTask _saveTask;
- protected Map _sessions;
+ protected Map<String,HashedSession> _sessions;
private File _storeDir;
private boolean _lazyLoad=false;
private boolean _sessionsLoaded=false;
@@ -69,7 +69,7 @@ public class HashSessionManager extends AbstractSessionManager
@Override
public void doStart() throws Exception
{
- _sessions=new ConcurrentHashMap(); // TODO: use syncronizedMap for JDK 1.4
+ _sessions=new ConcurrentHashMap<String,HashedSession>();
super.doStart();
_timer=new Timer("HashSessionScavenger-"+__id++, true);
@@ -160,7 +160,6 @@ public class HashSessionManager extends AbstractSessionManager
/* ------------------------------------------------------------ */
public void setSavePeriod (int seconds)
{
- int oldSavePeriod = _savePeriodMs;
int period = (seconds * 1000);
if (period < 0)
period=0;
@@ -278,9 +277,9 @@ public class HashSessionManager extends AbstractSessionManager
synchronized (HashSessionManager.this)
{
// For each session
- for (Iterator i=_sessions.values().iterator(); i.hasNext();)
+ for (Iterator<HashedSession> i=_sessions.values().iterator(); i.hasNext();)
{
- Session session=(Session)i.next();
+ HashedSession session=i.next();
long idleTime=session._maxIdleMs;
if (idleTime>0&&session._accessed+idleTime<now)
{
@@ -294,7 +293,7 @@ public class HashSessionManager extends AbstractSessionManager
for (int i=LazyList.size(stale); i-->0;)
{
// check it has not been accessed in the meantime
- Session session=(Session)LazyList.get(stale,i);
+ HashedSession session=(HashedSession)LazyList.get(stale,i);
long idleTime=session._maxIdleMs;
if (idleTime>0&&session._accessed+idleTime<System.currentTimeMillis())
{
@@ -319,7 +318,7 @@ public class HashSessionManager extends AbstractSessionManager
@Override
protected void addSession(AbstractSessionManager.Session session)
{
- _sessions.put(session.getClusterId(),session);
+ _sessions.put(session.getClusterId(),(HashedSession)session);
}
/* ------------------------------------------------------------ */
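Review bot: The new downcast in `addSession`, `(HashedSession)session`, makes the method throw `ClassCastException` for any `AbstractSessionManager.Session` that is not a `HashedSession`, while the signature still accepts the base type. A subclass that overrides `newSession` to return its own session type would hit this at insert time; whether such a subclass exists is not visible here. I would state the contract above the method, e.g. `/* session must be a HashedSession created by newSession(); any other subtype fails with ClassCastException */`.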
@@ -336,10 +335,10 @@ public class HashSessionManager extends AbstractSessionManager
Log.warn(e);
}
- if (_sessions==null)
+ Map<String,HashedSession> sessions=_sessions;
+ if (sessions==null)
return null;
-
- return (Session)_sessions.get(idInCluster);
+ return sessions.get(idInCluster);
}
/* ------------------------------------------------------------ */
@@ -347,10 +346,10 @@ public class HashSessionManager extends AbstractSessionManager
protected void invalidateSessions()
{
// Invalidate all sessions to cause unbind events
- ArrayList sessions=new ArrayList(_sessions.values());
- for (Iterator i=sessions.iterator(); i.hasNext();)
+ ArrayList<HashedSession> sessions=new ArrayList<HashedSession>(_sessions.values());
+ for (Iterator<HashedSession> i=sessions.iterator(); i.hasNext();)
{
- Session session=(Session)i.next();
+ HashedSession session=(HashedSession)i.next();
session.invalidate();
}
_sessions.clear();
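Review bot: The cast in `HashedSession session=(HashedSession)i.next();` is redundant now that `i` is an `Iterator<HashedSession>`; it can be `HashedSession session=i.next();`, as the earlier idle-check loop already is. The same applies in the save loop further down to `(String)entry.getKey()` and `(HashedSession)entry.getValue()` on a `Map.Entry<String,HashedSession>`. Separately, this method dereferences `_sessions` directly, while `getSession` now guards a local copy against null. If `_sessions` can be null here too (not visible from this hunk), the same snapshot is needed. The method body continues past the end of the hunk.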
@@ -361,13 +360,13 @@ public class HashSessionManager extends AbstractSessionManager
@Override
protected AbstractSessionManager.Session newSession(HttpServletRequest request)
{
- return new Session(request);
+ return new HashedSession(request);
}
/* ------------------------------------------------------------ */
protected AbstractSessionManager.Session newSession(long created, long accessed, String clusterId)
{
- return new Session(created,accessed, clusterId);
+ return new HashedSession(created,accessed, clusterId);
}
/* ------------------------------------------------------------ */
@@ -422,7 +421,7 @@ public class HashSessionManager extends AbstractSessionManager
try
{
FileInputStream in = new FileInputStream(files[i]);
- Session session = restoreSession(in);
+ HashedSession session = restoreSession(in);
in.close();
addSession(session, false);
session.didActivate();
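Review bot: `in.close()` runs only when `restoreSession(in)` returns normally, so a session file that fails to parse leaves the `FileInputStream` open until it is garbage collected. With many unreadable files in the store directory that can exhaust file descriptors. I would wrap the three calls after the constructor in `try { ... } finally { in.close(); }`. The surrounding `try` begins in this hunk but its `catch` and the enclosing method are outside it, so confirm whether `restoreSession` already closes the stream on failure.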
@@ -453,12 +452,12 @@ public class HashSessionManager extends AbstractSessionManager
synchronized (this)
{
- Iterator itor = _sessions.entrySet().iterator();
+ Iterator<Map.Entry<String, HashedSession>> itor = _sessions.entrySet().iterator();
while (itor.hasNext())
{
- Map.Entry entry = (Map.Entry)itor.next();
+ Map.Entry<String,HashedSession> entry = itor.next();
String id = (String)entry.getKey();
- Session session = (Session)entry.getValue();
+ HashedSession session = (HashedSession)entry.getValue();
try
{
File file = new File (_storeDir, id);
@@ -480,7 +479,7 @@ public class HashSessionManager extends AbstractSessionManager
}
/* ------------------------------------------------------------ */
- public Session restoreSession (InputStream is) throws Exception
+ public HashedSession restoreSession (InputStream is) throws Exception
{
/*
* Take care of this class's fields first by calling
@@ -500,14 +499,14 @@ public class HashSessionManager extends AbstractSessionManager
//boolean isNew = in.readBoolean();
int requests = in.readInt();
- Session session = (Session)newSession(created, System.currentTimeMillis(), clusterId);
+ HashedSession session = (HashedSession)newSession(created, System.currentTimeMillis(), clusterId);
session._cookieSet = cookieSet;
session._lastAccessed = lastAccessed;
int size = in.readInt();
if (size > 0)
{
- ArrayList keys = new ArrayList();
+ ArrayList<String> keys = new ArrayList<String>();
for (int i=0; i<size; i++)
{
String key = in.readUTF();
@@ -517,7 +516,7 @@ public class HashSessionManager extends AbstractSessionManager
for (int i=0;i<size;i++)
{
Object value = ois.readObject();
- session.setAttribute((String)keys.get(i),value);
+ session.setAttribute(keys.get(i),value);
}
ois.close();
}
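Review bot: `ois.readObject()` rebuilds every attribute value from the session file, and nothing in this hunk limits which classes may be instantiated, so the contents of `_storeDir` are trusted as much as code on the classpath. How `ois` is constructed is outside the hunk, so any filtering done there cannot be seen. I would document the assumption on `restoreSession`, e.g. `// session files are deserialized as-is: _storeDir must be writable only by the server account`. The method starts and ends outside this hunk.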
@@ -531,19 +530,19 @@ public class HashSessionManager extends AbstractSessionManager
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
- protected class Session extends AbstractSessionManager.Session
+ protected class HashedSession extends Session
{
/* ------------------------------------------------------------ */
private static final long serialVersionUID=-2134521374206116367L;
/* ------------------------------------------------------------- */
- protected Session(HttpServletRequest request)
+ protected HashedSession(HttpServletRequest request)
{
super(request);
}
/* ------------------------------------------------------------- */
- protected Session(long created, long accessed, String clusterId)
+ protected HashedSession(long created, long accessed, String clusterId)
{
super(created, accessed, clusterId);
}
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
index 1e425ca520..2ae24166f3 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
@@ -12,6 +12,7 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.http.HttpCookie;
@@ -583,5 +584,9 @@ public class SessionHandlerTest
{
_checkRemote=remote;
}
+
+ public void changeSessionIdOnAuthentication(HttpServletRequest request, HttpServletResponse response)
+ {
+ }
}
}
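Review bot: The added `changeSessionIdOnAuthentication` stub is empty and has no comment, so a reader cannot tell that the no-op is intentional in what looks like a test implementation of the session manager. A one-line body comment such as `// session id renewal is not exercised by SessionHandlerTest` would make that explicit. Coverage of the new id change after authentication is not visible in this hunk. The enclosing classes start outside the hunk.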
