authorJan Bartel2012-07-27 05:31:34 +0000
committerJan Bartel2012-07-27 05:31:34 +0000
commit748f06cad7901d7a54d33bfba4f45e67993b73b4 (patch)
treebb4bc134ce83ccb89ce457057a7f1ad8c4aa4b68 /jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
parent2de6fa5c3557008565c61da25e6f75ff1f736217 (diff)
JETTY-1529 Ensure new session that has just been authenticated does not get renewed
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java30
1 files changed, 30 insertions, 0 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index d6f69bbb91..6d8794e8eb 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -24,8 +24,11 @@ import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.server.AbstractHttpConnection;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
@@ -34,6 +37,7 @@ import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ContextHandler.Context;
import org.eclipse.jetty.server.handler.HandlerWrapper;
+import org.eclipse.jetty.server.session.AbstractSessionManager;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
@@ -286,6 +290,32 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
getInitParameter(name)==null)
setInitParameter(name,context.getInitParameter(name));
}
+
+ //register a session listener to handle securing sessions when authentication is performed
+ context.getContextHandler().addEventListener(new HttpSessionListener()
+ {
+
+ public void sessionDestroyed(HttpSessionEvent se)
+ {
+
+ }
+
+ public void sessionCreated(HttpSessionEvent se)
+ {
+ //if current request is authenticated, then as we have just created the session, mark it as secure, as it has not yet been returned to a user
+ AbstractHttpConnection connection = AbstractHttpConnection.getCurrentConnection();
+ if (connection == null)
+ return;
+ Request request = connection.getRequest();
+ if (request == null)
+ return;
+
+ if (request.isSecure())
+ {
+ se.getSession().setAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
+ }
+ }
+ });
}
// complicated resolution of login and identity service to handle
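Review bot: The condition in `sessionCreated` tests `request.isSecure()`, which in the Servlet API reports whether the request arrived over a secure channel such as HTTPS, not whether it is authenticated, while the comment above it and the attribute name `SESSION_KNOWN_ONLY_TO_AUTHENTICATED` both speak of authentication. If the renewal logic (not visible in this hunk) skips changing the session id when this attribute is set, a session first created on an HTTPS request before login would presumably be exempt from renewal at authentication, which weakens the session-fixation defence. Either test the authentication state, for example `if (request.getAuthentication() instanceof Authentication.User)`, or, if transport security is the intended criterion, reword the comment to `//session was created on a secure channel, so its id has not been exposed in clear text` and rename the attribute to match. The enclosing method begins outside the hunk, so how often this listener is registered cannot be checked from here.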
