Example 1 with HttpSessionImpl

Use of io.undertow.servlet.spec.HttpSessionImpl in project wildfly by wildfly.

The class LogoutSessionListener, method sessionDestroyed.

@Override
public void sessionDestroyed(HttpSessionEvent se) {
    //we need to get the current account
    //there are two options here, we can look for the account in the current request
    //or we can look for the account that has been saved in the session
    //for maximum compatibility we do both
    ServletRequestContext src = ServletRequestContext.current();
    Account requestAccount = null;
    if (src != null) {
        requestAccount = src.getExchange().getSecurityContext().getAuthenticatedAccount();
        if (requestAccount != null) {
            clearAccount(requestAccount);
        }
    }
    if (se.getSession() instanceof HttpSessionImpl) {
        final HttpSessionImpl impl = (HttpSessionImpl) se.getSession();
        Session session;
        if (WildFlySecurityManager.isChecking()) {
            session = WildFlySecurityManager.doChecked(new PrivilegedAction<Session>() {

                @Override
                public Session run() {
                    return impl.getSession();
                }
            });
        } else {
            session = impl.getSession();
        }
        if (session != null) {
            AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession");
            if (authenticatedSession != null) {
                Account sessionAccount = authenticatedSession.getAccount();
                if (sessionAccount != null && !sessionAccount.equals(requestAccount)) {
                    clearAccount(sessionAccount);
                }
            }
        }
    }
}
Also used : Account(io.undertow.security.idm.Account) CachedAuthenticatedSessionHandler(io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler) HttpSessionImpl(io.undertow.servlet.spec.HttpSessionImpl) PrivilegedAction(java.security.PrivilegedAction) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) AuthenticatedSessionManager(io.undertow.security.api.AuthenticatedSessionManager) Session(io.undertow.server.session.Session)

Example 2 with HttpSessionImpl

Use of io.undertow.servlet.spec.HttpSessionImpl in project undertow by undertow-io.

The class SavedRequest, method trySaveRequest.

public static void trySaveRequest(final HttpServerExchange exchange) {
    int maxSize = exchange.getConnection().getUndertowOptions().get(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, 16384);
    if (maxSize > 0) {
        //if this request has a body, try to cache the request
        if (!exchange.isRequestComplete()) {
            final long requestContentLength = exchange.getRequestContentLength();
            if (requestContentLength > maxSize) {
                UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
                //failed to save the request, we just return
                return;
            }
            //TODO: we should really be using pooled buffers
            //TODO: we should probably limit the number of saved requests at any given time
            byte[] buffer = new byte[maxSize];
            int read = 0;
            int res = 0;
            InputStream in = exchange.getInputStream();
            try {
                while ((res = in.read(buffer, read, buffer.length - read)) > 0) {
                    read += res;
                    if (read == maxSize) {
                        UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
                        //failed to save the request, we just return
                        return;
                    }
                }
                HeaderMap headers = new HeaderMap();
                for (HeaderValues entry : exchange.getRequestHeaders()) {
                    if (entry.getHeaderName().equals(Headers.CONTENT_LENGTH) || entry.getHeaderName().equals(Headers.TRANSFER_ENCODING) || entry.getHeaderName().equals(Headers.CONNECTION)) {
                        continue;
                    }
                    headers.putAll(entry.getHeaderName(), entry);
                }
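                //save the filtered copy built above (without Content-Length, Transfer-Encoding and Connection), not the raw request headers
                SavedRequest request = new SavedRequest(buffer, read, exchange.getRequestMethod(), exchange.getRelativePath(), headers);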
                final ServletRequestContext sc = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                HttpSessionImpl session = sc.getCurrentServletContext().getSession(exchange, true);
                Session underlyingSession;
                if (System.getSecurityManager() == null) {
                    underlyingSession = session.getSession();
                } else {
                    underlyingSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
                }
                underlyingSession.setAttribute(SESSION_KEY, request);
            } catch (IOException e) {
                UndertowLogger.REQUEST_IO_LOGGER.ioException(e);
            }
        }
    }
}
Also used : HeaderMap(io.undertow.util.HeaderMap) HttpSessionImpl(io.undertow.servlet.spec.HttpSessionImpl) InputStream(java.io.InputStream) HeaderValues(io.undertow.util.HeaderValues) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) IOException(java.io.IOException) HttpSession(javax.servlet.http.HttpSession) Session(io.undertow.server.session.Session)

Example 3 with HttpSessionImpl

Use of io.undertow.servlet.spec.HttpSessionImpl in project undertow by undertow-io.

The class SavedRequest, method tryRestoreRequest.

public static void tryRestoreRequest(final HttpServerExchange exchange, HttpSession session) {
    if (session instanceof HttpSessionImpl) {
        Session underlyingSession;
        if (System.getSecurityManager() == null) {
            underlyingSession = ((HttpSessionImpl) session).getSession();
        } else {
            underlyingSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
        }
        SavedRequest request = (SavedRequest) underlyingSession.getAttribute(SESSION_KEY);
        if (request != null) {
            if (request.requestPath.equals(exchange.getRelativePath()) && exchange.isRequestComplete()) {
                UndertowLogger.REQUEST_LOGGER.debugf("restoring request body for request to %s", request.requestPath);
                exchange.setRequestMethod(request.method);
                Connectors.ungetRequestBytes(exchange, new ImmediatePooledByteBuffer(ByteBuffer.wrap(request.data, 0, request.dataLength)));
                underlyingSession.removeAttribute(SESSION_KEY);
                //clear the existing header map of everything except the connection header
                //TODO: are there other headers we should preserve?
                Iterator<HeaderValues> headerIterator = exchange.getRequestHeaders().iterator();
                while (headerIterator.hasNext()) {
                    HeaderValues header = headerIterator.next();
                    if (!header.getHeaderName().equals(Headers.CONNECTION)) {
                        headerIterator.remove();
                    }
                }
                for (Map.Entry<HttpString, List<String>> header : request.headerMap.entrySet()) {
                    exchange.getRequestHeaders().putAll(header.getKey(), header.getValue());
                }
            }
        }
    }
}
Also used : HttpSessionImpl(io.undertow.servlet.spec.HttpSessionImpl) HeaderValues(io.undertow.util.HeaderValues) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) HeaderMap(io.undertow.util.HeaderMap) Map(java.util.Map) HttpSession(javax.servlet.http.HttpSession) Session(io.undertow.server.session.Session) ImmediatePooledByteBuffer(io.undertow.util.ImmediatePooledByteBuffer) HttpString(io.undertow.util.HttpString)

Example 4 with HttpSessionImpl

Use of io.undertow.servlet.spec.HttpSessionImpl in project undertow by undertow-io.

The class SessionRestoringHandler, method handleRequest.

@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final String incomingSessionId = servletContext.getSessionConfig().findSessionId(exchange);
    if (incomingSessionId == null || !data.containsKey(incomingSessionId)) {
        next.handleRequest(exchange);
        return;
    }
    //we have some old data
    PersistentSession result = data.remove(incomingSessionId);
    if (result != null) {
        long time = System.currentTimeMillis();
        if (time < result.getExpiration().getTime()) {
            final HttpSessionImpl session = servletContext.getSession(exchange, true);
            final HttpSessionEvent event = new HttpSessionEvent(session);
            for (Map.Entry<String, Object> entry : result.getSessionData().entrySet()) {
                if (entry.getValue() instanceof HttpSessionActivationListener) {
                    ((HttpSessionActivationListener) entry.getValue()).sessionDidActivate(event);
                }
                if (entry.getKey().startsWith(HttpSessionImpl.IO_UNDERTOW)) {
                    session.getSession().setAttribute(entry.getKey(), entry.getValue());
                } else {
                    session.setAttribute(entry.getKey(), entry.getValue());
                }
            }
        }
    }
    next.handleRequest(exchange);
}
Also used : HttpSessionImpl(io.undertow.servlet.spec.HttpSessionImpl) HttpSessionEvent(javax.servlet.http.HttpSessionEvent) PersistentSession(io.undertow.servlet.api.SessionPersistenceManager.PersistentSession) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) Map(java.util.Map) HttpSessionActivationListener(javax.servlet.http.HttpSessionActivationListener)

Example 5 with HttpSessionImpl

Use of io.undertow.servlet.spec.HttpSessionImpl in project undertow by undertow-io.

The class SessionListenerBridge, method sessionCreated.

@Override
public void sessionCreated(final Session session, final HttpServerExchange exchange) {
    final HttpSessionImpl httpSession = SecurityActions.forSession(session, servletContext, true);
    applicationListeners.sessionCreated(httpSession);
}
Also used : HttpSessionImpl(io.undertow.servlet.spec.HttpSessionImpl)

Aggregations

HttpSessionImpl (io.undertow.servlet.spec.HttpSessionImpl): 10
Session (io.undertow.server.session.Session): 5
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 5
HeaderMap (io.undertow.util.HeaderMap): 2
HeaderValues (io.undertow.util.HeaderValues): 2
IOException (java.io.IOException): 2
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
HttpSession (javax.servlet.http.HttpSession): 2
AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager): 1
Account (io.undertow.security.idm.Account): 1
SessionManager (io.undertow.server.session.SessionManager): 1
PersistentSession (io.undertow.servlet.api.SessionPersistenceManager.PersistentSession): 1
CachedAuthenticatedSessionHandler (io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler): 1
HttpString (io.undertow.util.HttpString): 1
ImmediatePooledByteBuffer (io.undertow.util.ImmediatePooledByteBuffer): 1
InputStream (java.io.InputStream): 1
PrivilegedAction (java.security.PrivilegedAction): 1
ArrayList (java.util.ArrayList): 1
HashSet (java.util.HashSet): 1