Examples with TremoloHttpSession com.tremolosecurity.proxy.TremoloHttpSession used on opensource projects

Example 1 with TremoloHttpSession

use of com.tremolosecurity.proxy.TremoloHttpSession in project OpenUnison by TremoloSecurity.

the class PostProcess method getHttp.

public CloseableHttpClient getHttp(String finalURL, HttpServletRequest request, UrlHolder holder) {
    ConfigManager cfgMgr = holder.getConfig();
    HttpSession session = request.getSession();
    PoolingHttpClientConnectionManager phcm = (PoolingHttpClientConnectionManager) session.getAttribute("TREMOLO_HTTP_POOL");
    CloseableHttpClient http = (CloseableHttpClient) session.getAttribute("TREMOLO_HTTP_CLIENT");
    if (http == null) {
        if (holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null || holder.getApp().getCookieConfig().isCookiesEnabled()) {
            // create a new connection manager and client
            phcm = new PoolingHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
            BigInteger num = cfgMgr.getCfg().getThreadsPerRoute();
            if (num == null) {
                phcm.setDefaultMaxPerRoute(6);
            } else {
                phcm.setDefaultMaxPerRoute(num.intValue());
            }
            phcm.setDefaultSocketConfig(SocketConfig.custom().setSoKeepAlive(true).build());
            http = HttpClients.custom().setConnectionManager(phcm).setDefaultRequestConfig(cfgMgr.getGlobalHttpClientConfig()).build();
            session.setAttribute("TREMOLO_HTTP_POOL", phcm);
            session.setAttribute("TREMOLO_HTTP_CLIENT", http);
            LogoutUtil.insertFirstLogoutHandler(request, new CloseHttpConnectionsOnLogout(http, phcm));
        } else {
            // no session, need to create single connection
            BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
            RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).setConnectionRequestTimeout(10000).setSocketTimeout(10000).setConnectTimeout(10000).build();
            http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
            session.setAttribute("TREMOLO_HTTP_CM", bhcm);
            session.setAttribute("TREMOLO_HTTP_CLIENT", http);
            // remove from the session pool
            SessionManager sessionMgr = (SessionManager) GlobalEntries.getGlobalEntries().getConfigManager().getContext().getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
            sessionMgr.removeSessionFromCache((TremoloHttpSession) session);
        }
    }
    return http;
}

Example 2 with TremoloHttpSession

use of com.tremolosecurity.proxy.TremoloHttpSession in project OpenUnison by TremoloSecurity.

the class AppConfig method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    synchronized (this.appConfig) {
        if (this.appConfig.cookieName == null) {
            this.loadConfigData(this.filterConfig);
        }
        if (this.appConfig.cookieName == null) {
            response.sendError(401);
            return;
        }
    }
    request.setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    ArrayList<Cookie> sessionCookies = request.getCookies(this.appConfig.cookieName);
    if (sessionCookies == null || sessionCookies.isEmpty()) {
        response.sendError(401);
    } else {
        for (Cookie cookie : sessionCookies) {
            TremoloHttpSession session = SessionManagerImpl.findSessionFromCookie(cookie, this.appConfig.secretKey, (SessionManagerImpl) GlobalEntries.getGlobalEntries().get(ProxyConstants.TREMOLO_SESSION_MANAGER));
            if (session == null) {
                response.sendError(401);
            } else {
                AuthInfo userData = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                if (userData == null || !userData.isAuthComplete() || userData.getAuthLevel() == 0) {
                    response.sendError(401);
                } else {
                    SessionInfo si = new SessionInfo();
                    if (this.appConfig.timeoutSeconds > 0) {
                        ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
                        int extMinLeft = -1;
                        int stdMinLeft = -1;
                        if (extSession != null) {
                            long expires = extSession.getExpires();
                            if (expires <= 0) {
                                extMinLeft = -1;
                            } else {
                                extMinLeft = (int) ((expires - System.currentTimeMillis()) / 1000 / 60);
                            }
                        }
                        DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
                        DateTime now = new DateTime();
                        DateTime expires = lastAccessed.plusSeconds(this.appConfig.timeoutSeconds);
                        stdMinLeft = (int) ((expires.getMillis() - System.currentTimeMillis()) / 1000 / 60);
                        if (extMinLeft > stdMinLeft) {
                            si.setMinsLeft(extMinLeft);
                        } else {
                            si.setMinsLeft(stdMinLeft);
                        }
                    } else {
                        si.setMinsLeft(-1);
                    }
                    String json = gson.toJson(si);
                    response.setContentType("application/json");
                    response.getWriter().println(json.trim());
                    response.sendError(200);
                }
            }
        }
    }
}