
Example 6 with HttpSession

use of javax.servlet.http.HttpSession in project tomcat by apache.

the class Request method setUserPrincipal.

/**
     * Set the Principal who has been authenticated for this Request.  This
     * value is also used to calculate the value to be returned by the
     * <code>getRemoteUser()</code> method.
     *
     * @param principal The user Principal
     */
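public void setUserPrincipal(final Principal principal) {
    // A JAAS Subject is only maintained when security is enabled. A null
    // principal is skipped here: the principal set returned by
    // Subject.getPrincipals() rejects null elements with a
    // NullPointerException, so the calls below must never see one.
    if (Globals.IS_SECURITY_ENABLED && principal != null) {
        if (subject == null) {
            // getSession(false): reuse an existing session, never create one
            // as a side effect of recording the principal.
            final HttpSession session = getSession(false);
            if (session == null) {
                // No session: the subject is cached in the request only
                subject = newSubject(principal);
            } else {
                // Session present: the subject is cached in the request and
                // shared through the session attribute
                subject = (Subject) session.getAttribute(Globals.SUBJECT_ATTR);
                if (subject == null) {
                    subject = newSubject(principal);
                    session.setAttribute(Globals.SUBJECT_ATTR, subject);
                } else {
                    subject.getPrincipals().add(principal);
                }
            }
        } else {
            subject.getPrincipals().add(principal);
        }
    }
    // NOTE(review): principals are only ever added to a cached Subject in this
    // method, never removed. Confirm that logout and re-authentication paths
    // discard the session-held Subject so earlier principals do not carry over.
    userPrincipal = principal;
}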
Also used : HttpSession(javax.servlet.http.HttpSession)

Example 7 with HttpSession

use of javax.servlet.http.HttpSession in project tomcat by apache.

the class HTMLManagerServlet method invalidateSessions.

/**
     * Invalidate specified sessions.
     *
     * @param cn Name of the application for which sessions are to be
     *           invalidated
     * @param sessionIds the session ids of the sessions
     * @param smClient  StringManager for the client's locale
     * @return number of invalidated sessions
     */
protected int invalidateSessions(ContextName cn, String[] sessionIds, StringManager smClient) {
    if (sessionIds == null) {
        return 0;
    }
    int invalidated = 0;
    for (String id : sessionIds) {
        // NOTE(review): the result of getSessionForNameAndId(...) is dereferenced
        // directly; if that lookup can return null for an unknown id, this line
        // throws before the null check below is reached - confirm against the helper.
        HttpSession target = getSessionForNameAndId(cn, id, smClient).getSession();
        if (target != null) {
            try {
                target.invalidate();
                // Counted only when invalidate() completed without throwing
                invalidated++;
                if (debug >= 1) {
                    // NOTE(review): the id is logged verbatim; if it originates from a
                    // request parameter, neutralise CR/LF before writing it to the log.
                    log("Invalidating session id " + id);
                }
            } catch (IllegalStateException alreadyInvalid) {
                // The session was invalidated elsewhere first; it is not counted
                if (debug >= 1) {
                    log("Can't invalidate already invalidated session id " + id);
                }
            }
        } else if (debug >= 1) {
            // Not expected, but tolerated rather than failing the whole batch
            log("WARNING: can't invalidate null session " + id);
        }
    }
    return invalidated;
}
Also used : HttpSession(javax.servlet.http.HttpSession)

Example 8 with HttpSession

use of javax.servlet.http.HttpSession in project tomcat by apache.

the class HTMLManagerServlet method removeSessionAttribute.

/**
     * Removes an attribute from an HttpSession
     * @param cn Name of the application hosting the session from which the
     *           attribute is to be removed
     * @param sessionId the session id
     * @param attributeName the attribute name
     * @param smClient  StringManager for the client's locale
     * @return true if there was an attribute removed, false otherwise
     */
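protected boolean removeSessionAttribute(ContextName cn, String sessionId, String attributeName, StringManager smClient) {
    // NOTE(review): the result of getSessionForNameAndId(...) is dereferenced
    // directly; if that lookup can return null for an unknown id, this line
    // throws before the null check below is reached - confirm against the helper.
    HttpSession session = getSessionForNameAndId(cn, sessionId, smClient).getSession();
    if (null == session) {
        // Shouldn't happen, but let's play nice...
        if (debug >= 1) {
            // NOTE(review): attributeName and sessionId are logged verbatim; if they
            // originate from request parameters, neutralise CR/LF before logging.
            log("WARNING: can't remove attribute '" + attributeName + "' for null session " + sessionId);
        }
        return false;
    }
    try {
        // getAttribute() and removeAttribute() both throw IllegalStateException
        // on an invalidated session, so the presence probe sits inside the try
        // as well instead of letting that exception escape to the caller.
        boolean wasPresent = (null != session.getAttribute(attributeName));
        session.removeAttribute(attributeName);
        return wasPresent;
    } catch (IllegalStateException ise) {
        if (debug >= 1) {
            log("Can't remove attribute '" + attributeName + "' for invalidated session id " + sessionId);
        }
        // Nothing was removed from an invalidated session
        return false;
    }
}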
Also used : HttpSession(javax.servlet.http.HttpSession)

Example 9 with HttpSession

use of javax.servlet.http.HttpSession in project tomcat by apache.

the class CrawlerSessionManagerValve method invoke.

/**
 * Maps requests that carry no valid session and a single User-Agent header
 * matching {@code uaPattern} onto one session per remote address: a session
 * id already stored for the address is set as the requested session id before
 * the next valve runs, and a session created during that call is recorded
 * afterwards.
 *
 * @param request  the request being processed
 * @param response the response being produced
 * @throws IOException      propagated from the next valve
 * @throws ServletException propagated from the next valve
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    boolean crawler = false;
    String knownSessionId = null;
    String remoteAddr = null;

    if (log.isDebugEnabled()) {
        log.debug(request.hashCode() + ": ClientIp=" + request.getRemoteAddr() + ", RequestedSessionId=" + request.getRequestedSessionId());
    }

    // A request that already carries a valid session is passed through untouched
    if (request.getSession(false) == null) {
        Enumeration<String> agents = request.getHeaders("user-agent");
        String agent = agents.hasMoreElements() ? agents.nextElement() : null;

        // Exactly one User-Agent header is required; several are treated as "not a bot"
        boolean singleAgent = agent != null && !agents.hasMoreElements();
        if (singleAgent) {
            if (log.isDebugEnabled()) {
                // NOTE(review): the header value is client-supplied and logged verbatim
                log.debug(request.hashCode() + ": UserAgent=" + agent);
            }
            if (uaPattern.matcher(agent).matches()) {
                crawler = true;
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": Bot found. UserAgent=" + agent);
                }
                // NOTE(review): the User-Agent header is client-supplied, so any client
                // sending a matching value from an address with a stored entry is
                // attached to that stored session. Sessions reached this way should not
                // hold authenticated or per-user state; behind a proxy, confirm that
                // getRemoteAddr() reflects the real client address.
                remoteAddr = request.getRemoteAddr();
                knownSessionId = clientIpSessionId.get(remoteAddr);
                if (knownSessionId != null) {
                    request.setRequestedSessionId(knownSessionId);
                    if (log.isDebugEnabled()) {
                        log.debug(request.hashCode() + ": SessionID=" + knownSessionId);
                    }
                }
            }
        }
    }

    getNext().invoke(request, response);

    if (!crawler) {
        return;
    }
    if (knownSessionId != null) {
        if (log.isDebugEnabled()) {
            log.debug(request.hashCode() + ": Bot session accessed. SessionID=" + knownSessionId);
        }
        return;
    }

    // No stored id for this address: record a session the bot just created, if any
    HttpSession created = request.getSession(false);
    if (created == null) {
        return;
    }
    clientIpSessionId.put(remoteAddr, created.getId());
    sessionIdClientIp.put(created.getId(), remoteAddr);
    // The valve stores itself in the session; per the original comment,
    // #valueUnbound() will then be called on session expiration
    created.setAttribute(this.getClass().getName(), this);
    created.setMaxInactiveInterval(sessionInactiveInterval);
    if (log.isDebugEnabled()) {
        log.debug(request.hashCode() + ": New bot session. SessionID=" + created.getId());
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession)

Example 10 with HttpSession

use of javax.servlet.http.HttpSession in project cas by apereo.

the class TerminateSessionAction method destroyApplicationSession.

/**
     * Destroy application session.
     * Also kills all delegated authn profiles via pac4j.
     *
     * @param request  the request
     * @param response the response
     */
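protected void destroyApplicationSession(final HttpServletRequest request, final HttpServletResponse response) {
    LOGGER.debug("Destroying application session");
    // Log out the pac4j profile manager first, while any existing session is still valid
    final ProfileManager manager = WebUtils.getPac4jProfileManager(request, response);
    manager.logout();
    // getSession(false) returns the existing session or null. The no-argument
    // getSession() would create a fresh session (and typically issue a new
    // session cookie) only for it to be invalidated on the next line, and it
    // never returns null, which made the null check dead code.
    final HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
}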
Also used : ProfileManager(org.pac4j.core.profile.ProfileManager) HttpSession(javax.servlet.http.HttpSession)

Aggregations

HttpSession (javax.servlet.http.HttpSession)730 HttpServletRequest (javax.servlet.http.HttpServletRequest)151 Test (org.junit.Test)110 IOException (java.io.IOException)80 HttpServletResponse (javax.servlet.http.HttpServletResponse)80 ServletException (javax.servlet.ServletException)75 ArrayList (java.util.ArrayList)65 RequestDispatcher (javax.servlet.RequestDispatcher)59 HashMap (java.util.HashMap)48 Map (java.util.Map)44 Locale (java.util.Locale)39 Properties (java.util.Properties)39 PrintWriter (java.io.PrintWriter)38 Cookie (javax.servlet.http.Cookie)27 List (java.util.List)24 SQLException (java.sql.SQLException)23 WebUser (org.compiere.util.WebUser)23 FlakyTest (org.apache.geode.test.junit.categories.FlakyTest)20 IntegrationTest (org.apache.geode.test.junit.categories.IntegrationTest)20 ModelAndView (org.springframework.web.servlet.ModelAndView)20