
Example 1 with SecureRandomSessionIdGenerator

use of io.undertow.server.session.SecureRandomSessionIdGenerator in project wildfly by wildfly.

From class HttpInvokerHostService, method setupRoutes:

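/**
 * Wraps {@code handler} so that every committed response carries a route-encoded
 * session cookie.
 * <p>
 * On response commit the {@code JSESSIONID} cookie, when present, is re-written with
 * the server route appended by {@code codec}. When it is absent and the response is
 * {@code 401 Unauthorized}, a fresh random session id is issued so the client keeps its
 * affinity to this server across the authentication round-trip.
 *
 * @param handler the handler the request is delegated to once the commit listener is registered
 * @return the wrapping handler
 */
private HttpHandler setupRoutes(HttpHandler handler) {
    final SimpleSessionIdentifierCodec codec = new SimpleSessionIdentifierCodec(new SimpleRoutingSupport(), this.host.get().getServer().getRoute());
    // SecureRandom-backed id source, shared by every request that passes through this handler.
    final SecureRandomSessionIdGenerator generator = new SecureRandomSessionIdGenerator();
    return exchange -> {
        exchange.addResponseCommitListener(ex -> {
            Cookie cookie = ex.getResponseCookies().get(JSESSIONID);
            if (cookie != null) {
                cookie.setValue(codec.encode(cookie.getValue()).toString());
            } else if (ex.getStatusCode() == StatusCodes.UNAUTHORIZED) {
                // add a session cookie in order to avoid sticky session issue after 401 Unauthorized response
                // NOTE(review): the issued cookie sets no HttpOnly/Secure attribute here — confirm whether
                // the invoker's clients need them.
                cookie = new CookieImpl(JSESSIONID, codec.encode(generator.createSessionId()).toString());
                cookie.setPath(ex.getResolvedPath());
                // Same exchange as the lookup above; use the listener's parameter consistently
                // instead of the captured outer one, and the same key constant as the lookup.
                ex.getResponseCookies().put(JSESSIONID, cookie);
            }
        });
        handler.handleRequest(exchange);
    };
}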

Example 2 with SecureRandomSessionIdGenerator

use of io.undertow.server.session.SecureRandomSessionIdGenerator in project wildfly by wildfly.

From class UndertowDeploymentInfoService, method start:

/**
 * Builds the Undertow {@code DeploymentInfo} for this deployment and hands it to
 * {@code deploymentInfoConsumer}.
 * <p>
 * The whole build runs with the module class loader as the thread context class loader,
 * which is restored in the {@code finally} block. Session configuration is assembled in
 * three layers: container-wide cookie defaults, then the (possibly shared) session
 * config from the deployment metadata, then a container-level default timeout when the
 * metadata sets none.
 *
 * @param startContext the MSC start context (unused here beyond the contract)
 * @throws StartException declared by the service contract; the body itself only throws
 *         the legacy-security error produced by {@code UndertowLogger}
 */
@Override
public synchronized void start(final StartContext startContext) throws StartException {
    ClassLoader oldTccl = Thread.currentThread().getContextClassLoader();
    try {
        // Servlet config creation and handler wiring resolve classes from the deployment module.
        Thread.currentThread().setContextClassLoader(module.getClassLoader());
        DeploymentInfo deploymentInfo = createServletConfig();
        deploymentInfo.setConfidentialPortManager(getConfidentialPortManager());
        handleDistributable(deploymentInfo);
        if (!isElytronActive()) {
            // Without Elytron, a configured legacy security domain (or JBoss authorization)
            // cannot be honoured, so fail the deployment rather than run it unprotected.
            if (securityDomain != null || mergedMetaData.isUseJBossAuthorization()) {
                throw UndertowLogger.ROOT_LOGGER.legacySecurityUnsupported();
            } else {
                deploymentInfo.setSecurityDisabled(true);
            }
        }
        handleAdditionalAuthenticationMechanisms(deploymentInfo);
        SessionConfigMetaData sessionConfig = mergedMetaData.getSessionConfig();
        // A shared session manager's config takes precedence over the deployment's own.
        if (sharedSessionManagerConfig != null && sharedSessionManagerConfig.getSessionConfig() != null) {
            sessionConfig = sharedSessionManagerConfig.getSessionConfig();
        }
        ServletSessionConfig config = null;
        // default session config
        // Layer 1: container-wide cookie defaults; only explicitly set (non-null) values are copied.
        SessionCookieConfig defaultSessionConfig = container.get().getSessionCookieConfig();
        if (defaultSessionConfig != null) {
            config = new ServletSessionConfig();
            if (defaultSessionConfig.getName() != null) {
                config.setName(defaultSessionConfig.getName());
            }
            if (defaultSessionConfig.getDomain() != null) {
                config.setDomain(defaultSessionConfig.getDomain());
            }
            if (defaultSessionConfig.getHttpOnly() != null) {
                config.setHttpOnly(defaultSessionConfig.getHttpOnly());
            }
            if (defaultSessionConfig.getSecure() != null) {
                config.setSecure(defaultSessionConfig.getSecure());
            }
            if (defaultSessionConfig.getMaxAge() != null) {
                config.setMaxAge(defaultSessionConfig.getMaxAge());
            }
            if (defaultSessionConfig.getComment() != null) {
                config.setComment(defaultSessionConfig.getComment());
            }
        }
        // Session ids come from SecureRandom; the id length is a container-level setting.
        SecureRandomSessionIdGenerator sessionIdGenerator = new SecureRandomSessionIdGenerator();
        sessionIdGenerator.setLength(container.get().getSessionIdLength());
        deploymentInfo.setSessionIdGenerator(sessionIdGenerator);
        boolean sessionTimeoutSet = false;
        // Layer 2: the deployment (or shared) session metadata overrides the container defaults.
        if (sessionConfig != null) {
            if (sessionConfig.getSessionTimeoutSet()) {
                // Metadata timeout is multiplied by 60: minutes in, seconds out — presumably
                // DeploymentInfo expects seconds; confirm against the Undertow API.
                deploymentInfo.setDefaultSessionTimeout(sessionConfig.getSessionTimeout() * 60);
                sessionTimeoutSet = true;
            }
            CookieConfigMetaData cookieConfig = sessionConfig.getCookieConfig();
            if (config == null) {
                config = new ServletSessionConfig();
            }
            if (cookieConfig != null) {
                if (cookieConfig.getName() != null) {
                    config.setName(cookieConfig.getName());
                }
                if (cookieConfig.getDomain() != null) {
                    config.setDomain(cookieConfig.getDomain());
                }
                if (cookieConfig.getComment() != null) {
                    config.setComment(cookieConfig.getComment());
                }
                // Unlike name/domain/comment, these four are applied unconditionally, so a
                // deployment cookie-config always replaces the container-level secure/httpOnly
                // defaults set above.
                config.setSecure(cookieConfig.getSecure());
                config.setPath(cookieConfig.getPath());
                config.setMaxAge(cookieConfig.getMaxAge());
                config.setHttpOnly(cookieConfig.getHttpOnly());
            }
            List<SessionTrackingModeType> modes = sessionConfig.getSessionTrackingModes();
            if (modes != null && !modes.isEmpty()) {
                // Translate the metadata enum to the servlet API enum one constant at a time.
                final Set<SessionTrackingMode> trackingModes = new HashSet<>();
                for (SessionTrackingModeType mode : modes) {
                    switch(mode) {
                        case COOKIE:
                            trackingModes.add(SessionTrackingMode.COOKIE);
                            break;
                        case SSL:
                            trackingModes.add(SessionTrackingMode.SSL);
                            break;
                        case URL:
                            trackingModes.add(SessionTrackingMode.URL);
                            break;
                    }
                }
                config.setSessionTrackingModes(trackingModes);
            }
        }
        // Layer 3: fall back to the container's default timeout (same minutes-to-seconds scaling).
        if (!sessionTimeoutSet) {
            deploymentInfo.setDefaultSessionTimeout(container.get().getDefaultSessionTimeout() * 60);
        }
        if (config != null) {
            deploymentInfo.setServletSessionConfig(config);
        }
        for (final SetupAction action : setupActions) {
            deploymentInfo.addThreadSetupAction(new UndertowThreadSetupAction(action));
        }
        if (initialHandlerChainWrappers != null) {
            for (HandlerWrapper handlerWrapper : initialHandlerChainWrappers) {
                deploymentInfo.addInitialHandlerChainWrapper(handlerWrapper);
            }
        }
        if (innerHandlerChainWrappers != null) {
            for (HandlerWrapper handlerWrapper : innerHandlerChainWrappers) {
                deploymentInfo.addInnerHandlerChainWrapper(handlerWrapper);
            }
        }
        if (outerHandlerChainWrappers != null) {
            for (HandlerWrapper handlerWrapper : outerHandlerChainWrappers) {
                deploymentInfo.addOuterHandlerChainWrapper(handlerWrapper);
            }
        }
        if (threadSetupActions != null) {
            for (ThreadSetupHandler threadSetupAction : threadSetupActions) {
                deploymentInfo.addThreadSetupAction(threadSetupAction);
            }
        }
        deploymentInfo.setServerName(serverEnvironment.get().getProductConfig().getPrettyVersionString());
        if (undertowService.get().isStatisticsEnabled()) {
            deploymentInfo.setMetricsCollector(new UndertowMetricsCollector());
        }
        // Request-controller integration is optional: the supplier itself may be absent.
        ControlPoint controlPoint = this.controlPoint != null ? this.controlPoint.get() : null;
        if (controlPoint != null) {
            deploymentInfo.addOuterHandlerChainWrapper(GlobalRequestControllerHandler.wrapper(controlPoint, allowSuspendedRequests));
        }
        // Publish: store the built info on this service and hand it to the consumer in one step.
        deploymentInfoConsumer.accept(this.deploymentInfo = deploymentInfo);
    } finally {
        // Always restore the caller's context class loader, even when the build threw.
        Thread.currentThread().setContextClassLoader(oldTccl);
    }
}

Example 3 with SecureRandomSessionIdGenerator

use of io.undertow.server.session.SecureRandomSessionIdGenerator in project wildfly by wildfly.

From class RemoteHttpInvokerService, method start:

/**
 * Registers the affinity endpoint: a request under {@code AFFINITY_PATH} receives a
 * {@code JSESSIONID} cookie holding a fresh SecureRandom session id, scoped to the
 * resolved path with the affinity suffix stripped.
 *
 * @param context the MSC start context
 * @throws StartException declared by the service contract
 */
@Override
public void start(StartContext context) throws StartException {
    pathHandler.clearPaths();
    final SecureRandomSessionIdGenerator idGenerator = new SecureRandomSessionIdGenerator();
    pathHandler.addPrefixPath(AFFINITY_PATH, exchange -> {
        final String fullPath = exchange.getResolvedPath();
        final int affinityAt = fullPath.lastIndexOf(AFFINITY_PATH);
        // Strip the trailing affinity segment; an index of 0 (nothing before it) keeps the full path.
        final String cookiePath = affinityAt > 0 ? fullPath.substring(0, affinityAt) : fullPath;
        final CookieImpl affinityCookie = new CookieImpl("JSESSIONID", idGenerator.createSessionId());
        exchange.getResponseCookies().put("JSESSIONID", affinityCookie.setPath(cookiePath));
    });
}

Example 4 with SecureRandomSessionIdGenerator

use of io.undertow.server.session.SecureRandomSessionIdGenerator in project wildfly by wildfly.

From class SessionIdGeneratorBuilder, method getValue:

/**
 * Creates a SecureRandom-backed session id generator whose id length is the one
 * configured on the servlet container of this host's server.
 *
 * @return a new generator; a fresh instance on every call
 */
@Override
public SessionIdGenerator getValue() {
    final int idLength = this.host.getValue().getServer().getServletContainer().getSessionIdLength();
    final SecureRandomSessionIdGenerator result = new SecureRandomSessionIdGenerator();
    result.setLength(idLength);
    return result;
}

Example 5 with SecureRandomSessionIdGenerator

use of io.undertow.server.session.SecureRandomSessionIdGenerator in project undertow by undertow-io.

From class DefaultServletCachingListenerTestCase, method testFileExistanceCheckCached:

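/**
 * Verifies that a cached "file not found" result is refreshed once the file appears:
 * the first request for a random, non-existent name must be {@code 404}, and after the
 * file is written the same URL must serve its content within {@code MAX_WAIT_TIME}.
 *
 * @throws IOException on client or file-system failure
 * @throws InterruptedException if the refresh wait is interrupted
 */
@Test
public void testFileExistanceCheckCached() throws IOException, InterruptedException {
    TestHttpClient client = new TestHttpClient();
    // A random session id makes the name practically unique, so no leftover from an
    // earlier run can satisfy the NOT_FOUND expectation below.
    String fileName = new SecureRandomSessionIdGenerator().createSessionId() + ".html";
    String url = DefaultServer.getDefaultServerURL() + "/servletContext/" + fileName;
    Path f = tmpDir.resolve(fileName);
    try {
        HttpGet get = new HttpGet(url);
        HttpResponse result = client.execute(get);
        Assert.assertEquals(StatusCodes.NOT_FOUND, result.getStatusLine().getStatusCode());
        HttpClientUtils.readResponse(result);
        try {
            // Explicit charset: getBytes() with no argument uses the platform default on older JDKs.
            Files.write(f, "hello".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            Assert.assertTrue("File was not refreshed in " + MAX_WAIT_TIME + "ms", waitUntilRefreshed(client, url, StatusCodes.OK, "hello"));
        } finally {
            // Delete even when the assertion fails, so a failed run leaves no stray file in tmpDir.
            Files.deleteIfExists(f);
        }
    } finally {
        client.getConnectionManager().shutdown();
    }
}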
