
Example 1 with Manager

use of org.apache.catalina.Manager in project tomcat70 by apache.

the class ReplicationValve method createPrimaryIndicator.

/**
 * Records on the request whether this node holds the primary copy of the
 * session the client asked for.
 *
 * <p>The session id is the one supplied with the request. It is looked up
 * through the context's {@link Manager}; only when the result is a
 * {@link ClusterSession} is the request attribute named by
 * {@code primaryIndicatorName} set, to {@link Boolean#TRUE} or
 * {@link Boolean#FALSE}. In every other case the attribute is left untouched
 * and the outcome is only reported at debug level.
 *
 * <p>The client-supplied session id is passed as an argument to every debug
 * message built here, so debug output from this valve should be handled like
 * any other log that may contain session identifiers.
 *
 * @param request the request being processed
 * @throws IOException propagated from the Manager's session lookup
 */
protected void createPrimaryIndicator(Request request) throws IOException {
    final String requestedId = request.getRequestedSessionId();
    if (requestedId == null || requestedId.length() == 0) {
        // The client sent no session id, so there is nothing to mark.
        return;
    }

    final Session found = request.getContext().getManager().findSession(requestedId);
    if (!(found instanceof ClusterSession)) {
        // Either a non-cluster session or no session at all: report which,
        // but do not set the indicator attribute.
        if (log.isDebugEnabled()) {
            final String key = (found != null) ? "ReplicationValve.session.found" : "ReplicationValve.session.invalid";
            log.debug(sm.getString(key, request.getContext().getName(), requestedId));
        }
        return;
    }

    final ClusterSession clusterSession = (ClusterSession) found;
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("ReplicationValve.session.indicator", request.getContext().getName(), requestedId, primaryIndicatorName, Boolean.valueOf(clusterSession.isPrimarySession())));
    }
    request.setAttribute(primaryIndicatorName, Boolean.valueOf(clusterSession.isPrimarySession()));
}
Also used : ClusterSession(org.apache.catalina.ha.ClusterSession) DeltaManager(org.apache.catalina.ha.session.DeltaManager) ClusterManager(org.apache.catalina.ha.ClusterManager) StringManager(org.apache.tomcat.util.res.StringManager) Manager(org.apache.catalina.Manager) Session(org.apache.catalina.Session) ClusterSession(org.apache.catalina.ha.ClusterSession) DeltaSession(org.apache.catalina.ha.session.DeltaSession)

Example 2 with Manager

use of org.apache.catalina.Manager in project tomcat70 by apache.

the class StoreBase method setManager.

/**
 * Associates this Store with the given Manager and fires a "manager"
 * property change through {@code support}, carrying the previous and the
 * new association.
 *
 * @param manager the Manager this Store now belongs to
 */
@Override
public void setManager(Manager manager) {
    // Keep the outgoing value so the change event can report it.
    final Manager previous = this.manager;
    this.manager = manager;
    support.firePropertyChange("manager", previous, this.manager);
}
Also used : StringManager(org.apache.tomcat.util.res.StringManager) Manager(org.apache.catalina.Manager)

Example 3 with Manager

use of org.apache.catalina.Manager in project tomcat70 by apache.

the class Request method doGetSession.

// ------------------------------------------------------ Protected Methods
/**
 * Returns the session for this request, optionally creating one.
 *
 * <p>Resolution order, as implemented below: the session already cached on
 * this request (if still valid), then the session the Manager finds for
 * {@code requestedSessionId} (if valid), then - only when {@code create} is
 * true - a newly created session.
 *
 * <p>Security note: when a new session is created, the ID sent by the client
 * is kept only if it came from the SSL handshake, or if it came from a cookie
 * while the session cookie path is "/" (and, when the context asks for
 * validation, only if some context on the same host already has a session
 * with that ID). In every other case the client's ID is discarded before
 * {@code createSession} is called, so the client does not get to pick the
 * identifier of a fresh session - the precondition for session fixation.
 *
 * @param create whether to create a session when none can be found
 * @return the existing or newly created session, or {@code null} when there
 *         is no context, no Manager, no usable session with {@code create}
 *         false, or the Manager returned no session
 * @throws IllegalStateException if a session has to be created, cookie
 *         tracking is in effect and the response is already committed
 */
protected Session doGetSession(boolean create) {
    // There cannot be a session if no context has been assigned yet
    Context context = getContext();
    if (context == null) {
        return (null);
    }
    // Return the current session if it exists and is valid; an invalidated
    // cached session is dropped so it can never be handed back to the caller
    if ((session != null) && !session.isValid()) {
        session = null;
    }
    if (session != null) {
        return (session);
    }
    // Return the requested session if it exists and is valid
    Manager manager = context.getManager();
    if (manager == null) {
        // Sessions are not supported
        return null;
    }
    if (requestedSessionId != null) {
        try {
            session = manager.findSession(requestedSessionId);
        } catch (IOException e) {
            // A failed lookup is treated exactly like "no such session"
            session = null;
        }
        if ((session != null) && !session.isValid()) {
            session = null;
        }
        if (session != null) {
            session.access();
            return (session);
        }
    }
    // Create a new session if requested and the response is not committed
    if (!create) {
        return (null);
    }
    // With cookie tracking the new ID has to go out in a response header,
    // which is no longer possible once the response is committed
    if ((response != null) && context.getServletContext().getEffectiveSessionTrackingModes().contains(SessionTrackingMode.COOKIE) && response.getResponse().isCommitted()) {
        throw new IllegalStateException(sm.getString("coyoteRequest.sessionCreateCommitted"));
    }
    // Re-use session IDs provided by the client in very limited
    // circumstances. Everything that does not match one of the two cases
    // below ends with sessionId = null.
    String sessionId = getRequestedSessionId();
    if (requestedSessionSSL) {
        // If the session ID has been obtained from the SSL handshake then
        // use it. (Intentionally empty: sessionId is kept as is.)
    } else if (("/".equals(context.getSessionCookiePath()) && isRequestedSessionIdFromCookie())) {
        /*
         * This is the common(ish) use case: using the same session ID with
         * multiple web applications on the same host. Typically this is
         * used by Portlet implementations. It only works if sessions are
         * tracked via cookies. The cookie must have a path of "/" else it
         * won't be provided for requests to all web applications.
         *
         * Any session ID provided by the client should be for a session
         * that already exists somewhere on the host. Check if the context
         * is configured for this to be confirmed.
         */
        if (context.getValidateClientProvidedNewSessionId()) {
            boolean found = false;
            // Look for the ID in the Manager of every child of this host
            for (Container container : getHost().findChildren()) {
                Manager m = ((Context) container).getManager();
                if (m != null) {
                    try {
                        if (m.findSession(sessionId) != null) {
                            found = true;
                            break;
                        }
                    } catch (IOException e) {
                        // Ignore. Problems with this manager will be
                        // handled elsewhere. The ID simply stays "not
                        // found" for this manager, so a lookup failure
                        // never causes the client's ID to be accepted.
                    }
                }
            }
            if (!found) {
                // Unknown on this host: do not adopt the client's ID
                sessionId = null;
            }
        }
        // NOTE(review): when validation is switched off, the cookie-supplied
        // ID is passed to createSession() unchecked - confirm that this is
        // acceptable for the deployment.
    } else {
        sessionId = null;
    }
    // presumably the Manager generates the ID itself when sessionId is
    // null - confirm against the Manager implementation in use
    session = manager.createSession(sessionId);
    // Creating a new session cookie based on that session
    if ((session != null) && (getContext() != null) && getContext().getServletContext().getEffectiveSessionTrackingModes().contains(SessionTrackingMode.COOKIE)) {
        Cookie cookie = ApplicationSessionCookieConfig.createSessionCookie(context, session.getIdInternal(), isSecure());
        // NOTE(review): response is dereferenced here without the null
        // check used before the committed test above - confirm response
        // cannot be null on this path.
        response.addSessionCookieInternal(cookie);
    }
    if (session == null) {
        return null;
    }
    session.access();
    return session;
}
Also used : ServletRequestContext(org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext) AsyncContext(javax.servlet.AsyncContext) Context(org.apache.catalina.Context) ServletContext(javax.servlet.ServletContext) ServerCookie(org.apache.tomcat.util.http.ServerCookie) Cookie(javax.servlet.http.Cookie) Container(org.apache.catalina.Container) IOException(java.io.IOException) StringManager(org.apache.tomcat.util.res.StringManager) Manager(org.apache.catalina.Manager)

Example 4 with Manager

use of org.apache.catalina.Manager in project tomcat70 by apache.

the class AuthenticatorBase method register.

/**
 * Records an authentication result on the request, on the session (if one
 * is in use) and with the SingleSignOn valve (if one is configured), and
 * sets the SSO cookie where needed. A {@code null} principal is handled as
 * a programmatic logout.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 * <li>When {@code changeSessionIdOnAuthentication} is set and a principal
 *     is being registered, the existing session gets a new ID, so an ID
 *     that was known before login is not carried into the authenticated
 *     session.</li>
 * <li>When {@code cache} is set, the username and the password are stored
 *     as session notes exactly as passed in, and both are also handed to
 *     the SSO valve. Anything that can read or persist session notes
 *     therefore sees the password.</li>
 * <li>The SSO cookie is marked Secure only if the current request is
 *     secure, and HttpOnly under the same rules as session cookies.</li>
 * </ul>
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are generating
 * @param principal The authenticated Principal to be registered, or
 *                  {@code null} for a logout
 * @param authType The authentication type to be registered
 * @param username Username used to authenticate (if any)
 * @param password Password used to authenticate (if any)
 */
public void register(Request request, HttpServletResponse response, Principal principal, String authType, String username, String password) {
    if (log.isDebugEnabled()) {
        String name;
        if (principal == null) {
            name = "none";
        } else {
            name = principal.getName();
        }
        log.debug("Authenticated '" + name + "' with type '" + authType + "'");
    }

    // The request always carries the result, whether or not a session exists
    request.setAuthType(authType);
    request.setUserPrincipal(principal);

    Session session = request.getSessionInternal(false);
    if (session == null) {
        if (alwaysUseSession) {
            session = request.getSessionInternal(true);
        }
    } else if (changeSessionIdOnAuthentication && principal != null) {
        // A null principal is a logout, which needs no new session ID.
        // See BZ 59043.
        request.getContext().getManager().changeSessionId(session);
        request.changeSessionId(session.getId());
    }

    // Cache the authentication information in our session, if any.
    // Absent values remove the note so stale credentials do not linger.
    if (cache && session != null) {
        session.setAuthType(authType);
        session.setPrincipal(principal);
        if (username == null) {
            session.removeNote(Constants.SESS_USERNAME_NOTE);
        } else {
            session.setNote(Constants.SESS_USERNAME_NOTE, username);
        }
        if (password == null) {
            session.removeNote(Constants.SESS_PASSWORD_NOTE);
        } else {
            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        }
    }

    // Everything below concerns single sign-on only
    if (sso == null) {
        return;
    }

    // Only create a new SSO entry if the SSO did not already set a note
    // for an existing entry (as it would do with subsequent requests
    // for DIGEST and SSL authenticated contexts)
    String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
    if (ssoId != null) {
        if (principal == null) {
            // Registering a programmatic logout
            sso.deregister(ssoId);
            request.removeNote(Constants.REQ_SSOID_NOTE);
            return;
        }
        // Update the SSO session with the latest authentication data
        sso.update(ssoId, principal, authType, username, password);
    } else {
        // Construct a cookie to be returned to the client
        ssoId = sessionIdGenerator.generateSessionId();
        final Cookie ssoCookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
        ssoCookie.setMaxAge(-1);
        ssoCookie.setPath("/");
        // Bugzilla 41217
        ssoCookie.setSecure(request.isSecure());
        // Bugzilla 34724
        final String ssoDomain = sso.getCookieDomain();
        if (ssoDomain != null) {
            ssoCookie.setDomain(ssoDomain);
        }
        // Configure httpOnly on SSO cookie using same rules as session cookies
        final boolean httpOnly = request.getServletContext().getSessionCookieConfig().isHttpOnly() || request.getContext().getUseHttpOnly();
        if (httpOnly) {
            ssoCookie.setHttpOnly(true);
        }
        response.addCookie(ssoCookie);
        // Register this principal with our SSO valve
        sso.register(ssoId, principal, authType, username, password);
        request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
    }

    // SSO entry will never be cleared if we don't associate the session
    if (session == null) {
        session = request.getSessionInternal(true);
    }
    sso.associate(ssoId, session);
}
Also used : Cookie(javax.servlet.http.Cookie) StringManager(org.apache.tomcat.util.res.StringManager) Manager(org.apache.catalina.Manager) Session(org.apache.catalina.Session)

Example 5 with Manager

use of org.apache.catalina.Manager in project tomcat70 by apache.

the class FormAuthenticator method forwardToLoginPage.

// ------------------------------------------------------ Protected Methods
/**
 * Forwards the current request to the configured form-login page.
 *
 * <p>If no login page is configured, a warning is logged and a 500 error is
 * sent instead. When {@link #getChangeSessionIdOnAuthentication()} is
 * true and the request already has a session, that session is given a new ID
 * before the login page is shown. The forward is always performed as a GET;
 * the original method is restored afterwards so the access log records what
 * the client actually sent.
 *
 * <p>If the forward fails, the Throwable is logged and attached to the
 * request as {@link RequestDispatcher#ERROR_EXCEPTION}; the error response
 * itself carries only the localized failure message.
 *
 * @param request Request we are processing
 * @param response Response we are populating
 * @param config    Login configuration describing how authentication
 *              should be performed
 * @throws IOException  If the forward to the login page fails and the call
 *                      to {@link HttpServletResponse#sendError(int, String)}
 *                      throws an {@link IOException}
 */
protected void forwardToLoginPage(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("formAuthenticator.forwardLogin", request.getRequestURI(), request.getMethod(), config.getLoginPage(), context.getName()));
    }

    final String loginPage = config.getLoginPage();
    if (loginPage == null || loginPage.length() == 0) {
        // Misconfiguration: there is nowhere to forward to
        final String message = sm.getString("formAuthenticator.noLoginPage", context.getName());
        log.warn(message);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
        return;
    }

    if (getChangeSessionIdOnAuthentication()) {
        // Rotate the ID of a pre-existing session before the login form is
        // served; no session is created here if there is none yet
        final Session existing = request.getSessionInternal(false);
        if (existing != null) {
            request.getContext().getManager().changeSessionId(existing);
            request.changeSessionId(existing.getId());
        }
    }

    // Always use GET for the login page, regardless of the method used
    final String originalMethod = request.getMethod();
    request.getCoyoteRequest().method().setString("GET");
    final RequestDispatcher dispatcher = context.getServletContext().getRequestDispatcher(loginPage);
    try {
        if (context.fireRequestInitEvent(request.getRequest())) {
            dispatcher.forward(request.getRequest(), response);
            context.fireRequestDestroyEvent(request.getRequest());
        }
    } catch (Throwable failure) {
        ExceptionUtils.handleThrowable(failure);
        final String message = sm.getString("formAuthenticator.forwardLoginFail");
        log.warn(message, failure);
        request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, failure);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
    } finally {
        // Restore original method so that it is written into access log
        request.getCoyoteRequest().method().setString(originalMethod);
    }
}
Also used : Manager(org.apache.catalina.Manager) RequestDispatcher(javax.servlet.RequestDispatcher) Session(org.apache.catalina.Session)
