
Example 51 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Request method isRequestedSessionIdValid.

/**
 * Reports whether the session identifier requested by this request
 * refers to a session that is currently valid.
 * <p>
 * The answer is {@code false} when no session id was requested, when no
 * context is assigned, when the context has no manager, or when the
 * manager lookup throws an {@link IOException}; a failed lookup is
 * therefore treated the same as an unknown session.
 *
 * @return {@code true} only if a session matching the requested id was
 *         found and reports itself valid
 */
@Override
public boolean isRequestedSessionIdValid() {
    if (requestedSessionId == null || context == null) {
        return false;
    }
    // Fast path: the session already attached to this request carries the requested id.
    if (session != null && requestedSessionId.equals(session.getIdInternal())) {
        return session.isValid();
    }
    final Manager sessionManager = context.getManager();
    if (sessionManager == null) {
        return false;
    }
    Session found;
    try {
        // Versioning-aware managers are queried with the requested version,
        // all others with the request itself.
        found = sessionManager.isSessionVersioningSupported()
                ? sessionManager.findSession(requestedSessionId, requestedSessionVersion)
                : sessionManager.findSession(requestedSessionId, this);
    } catch (IOException e) {
        // Lookup failure is deliberately not propagated: the id is reported as not valid.
        found = null;
    }
    return found != null && found.isValid();
}
Also used : IOException(java.io.IOException) Manager(org.apache.catalina.Manager) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Example 52 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Response method toEncoded.

/**
 * Builds the session-encoded form of a URL by inserting the session
 * parameter after the path and before any fragment and query string.
 * <p>
 * The appended pieces are, in order: {@code ;<sessionParamName>=<sessionId>},
 * the context's JVM route (if any), the value of the
 * {@code Constants.PROXY_JROUTE} request header (if present), the replica
 * location noted on the current session (if any), and the session version
 * (if given). Nothing is appended when the path part is empty.
 *
 * @param url URL to be encoded with the session id
 * @param sessionId Session id to be included in the encoded URL
 * @param sessionVersion Session version to be included in the encoded URL
 * @return the encoded URL, or {@code url} unchanged when {@code url} or
 *         {@code sessionId} is {@code null}
 */
private String toEncoded(String url, String sessionId, String sessionVersion) {
    if (url == null || sessionId == null) {
        return url;
    }
    // Peel off the query string first; the fragment is then looked for
    // only in the part that precedes the query.
    final int queryStart = url.indexOf('?');
    final String query = queryStart < 0 ? "" : url.substring(queryStart);
    String path = queryStart < 0 ? url : url.substring(0, queryStart);
    String anchor = "";
    final int fragmentStart = path.indexOf('#');
    if (fragmentStart >= 0) {
        anchor = path.substring(fragmentStart);
        path = path.substring(0, fragmentStart);
    }
    final StringBuilder encoded = new StringBuilder(path);
    if (encoded.length() > 0) {
        // jsessionid can't be first.
        final StandardContext ctx = (StandardContext) getContext();
        final String sessionParamName;
        if (ctx == null) {
            sessionParamName = Globals.SESSION_PARAMETER_NAME;
        } else {
            sessionParamName = ctx.getSessionParameterName();
        }
        // NOTE(review): the session id becomes part of the URL here, so it
        // can surface wherever URLs are recorded or forwarded (logs,
        // Referer, bookmarks) - confirm URL rewriting is intended for the
        // deployment.
        encoded.append(";" + sessionParamName + "=").append(sessionId);
        if (ctx != null && ctx.getJvmRoute() != null) {
            encoded.append('.').append(ctx.getJvmRoute());
        }
        // START SJSAS 6337561
        // NOTE(review): this value is read from a request header and is
        // appended as-is; no validation or encoding is visible in this
        // method - confirm the header can only be set by the trusted
        // proxy and is stripped from client-supplied requests.
        final String jrouteId = request.getHeader(Constants.PROXY_JROUTE);
        if (jrouteId != null) {
            encoded.append(":").append(jrouteId);
        }
        // END SJSAS 6337561
        final Session session = request.getSessionInternal(false);
        if (session != null) {
            final String replicaLocation = (String) session.getNote(Globals.JREPLICA_SESSION_NOTE);
            if (replicaLocation != null) {
                encoded.append(Globals.JREPLICA_PARAMETER).append(replicaLocation);
            }
        }
        if (sessionVersion != null) {
            encoded.append(Globals.SESSION_VERSION_PARAMETER).append(sessionVersion);
        }
    }
    // Re-attach fragment and query in the same order the original URL is rebuilt.
    return encoded.append(anchor).append(query).toString();
}
Also used : StandardContext(org.apache.catalina.core.StandardContext) RequestUtil.createSessionVersionString(org.apache.catalina.util.RequestUtil.createSessionVersionString) Session(org.apache.catalina.Session)

Example 53 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Response method isEncodeable.

// ------------------------------------------------------ Protected Methods
/**
 * Decides whether the given URL should be rewritten to carry a session
 * identifier.
 * <p>
 * The answer is {@code false} without further checks when any of the
 * following holds:
 * <ul>
 * <li>{@code location} is {@code null} or starts with {@code #}
 * <li>the request has no existing session
 * <li>the requested session id arrived in a cookie
 * <li>a context is present and has URL rewriting disabled
 * </ul>
 * Otherwise the decision is delegated to {@code doIsEncodeable}, which is
 * run inside a privileged action when package protection is enabled.
 *
 * @param location Absolute URL to be validated
 * @return {@code true} if the URL should be encoded with a session id
 */
protected boolean isEncodeable(final String location) {
    // Nothing to encode, or an intra-document reference.
    if (location == null || location.startsWith("#")) {
        return false;
    }
    // Are we in a valid session that is not using cookies?
    final Request currentRequest = request;
    final Session activeSession = currentRequest.getSessionInternal(false);
    if (activeSession == null) {
        return false;
    }
    if (currentRequest.isRequestedSessionIdFromCookie()) {
        return false;
    }
    // A missing context does not block rewriting; only an explicit opt-out does.
    if (getContext() != null && !getContext().isEnableURLRewriting()) {
        return false;
    }
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        return doIsEncodeable(currentRequest, activeSession, location);
    }
    final PrivilegedAction<Boolean> privilegedCheck = new PrivilegedAction<Boolean>() {

        @Override
        public Boolean run() {
            return Boolean.valueOf(doIsEncodeable(currentRequest, activeSession, location));
        }
    };
    return AccessController.doPrivileged(privilegedCheck).booleanValue();
}
Also used : Session(org.apache.catalina.Session)

Example 54 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class ApplicationHttpRequest method getSession.

/**
 * Return the session associated with this Request, creating one
 * if necessary and requested.
 * <p>
 * When {@code crossContext} is {@code false} the call is delegated to the
 * superclass unchanged. When it is {@code true}, the session obtained from
 * the superclass supplies the session id, and a session with that same id
 * is looked up (or, if {@code create} is set, created) in this request's
 * own context manager.
 *
 * @param create Create a new session if one does not exist
 * @return the session for this request, or {@code null} if no context is
 *         assigned, no session exists and none was created, or the session
 *         found in this context is no longer valid
 */
@Override
public HttpSession getSession(boolean create) {
    if (crossContext) {
        // There cannot be a session if no context has been assigned yet
        if (context == null)
            return (null);
        // Return the current session if it exists and is valid
        if (session != null && session.isValid()) {
            return (session.getSession());
        }
        HttpSession other = super.getSession(false);
        if (create && (other == null)) {
            // First create a session in the first context: the problem is
            // that the top level request is the only one which can
            // create the cookie safely
            other = super.getSession(true);
        }
        if (other != null) {
            Session localSession = null;
            // NOTE(review): context.getManager() is dereferenced below without
            // a null check - confirm a manager is always present on this path.
            try {
                if (isSessionVersioningSupported) {
                    localSession = context.getManager().findSession(other.getId(), requestedSessionVersion);
                    // XXX need to revisit
                    if (localSession instanceof StandardSession) {
                        incrementSessionVersion((StandardSession) localSession, context);
                    }
                } else {
                    localSession = context.getManager().findSession(other.getId());
                }
            } catch (IOException e) {
                // Ignore: a failed lookup leaves localSession null, i.e. it is
                // handled like "not found". With create set, the branch below
                // then creates a new session under the same id.
                // NOTE(review): confirm that is acceptable when the lookup
                // failure is transient.
            }
            if ((localSession != null) && !localSession.isValid()) {
                // An invalid session is discarded. Because the next branch is an
                // else-if, no replacement is created here even when create is
                // true, and the method returns null.
                // NOTE(review): confirm this is intended.
                localSession = null;
            } else if (localSession == null && create) {
                // START OF 6364900
                // The new session in this context reuses the id of the session
                // obtained from the superclass.
                localSession = context.getManager().createSession(other.getId());
                // XXX need to revisit
                if (isSessionVersioningSupported && localSession instanceof StandardSession) {
                    incrementSessionVersion((StandardSession) localSession, context);
                }
                // END OF 6364900
                /* CR 6364900
                    localSession = context.getManager().createEmptySession();
                    localSession.setNew(true);
                    localSession.setValid(true);
                    localSession.setCreationTime(System.currentTimeMillis());
                    localSession.setMaxInactiveInterval
                        (context.getManager().getMaxInactiveIntervalSeconds());
                    localSession.setId(other.getId());
                    */
                // START GlassFish 896
                RequestFacadeHelper reqFacHelper = RequestFacadeHelper.getInstance(getRequest());
                if (reqFacHelper != null) {
                    reqFacHelper.track(localSession);
                }
                // END GlassFish 896
            }
            if (localSession != null) {
                // Mark the session as accessed and cache it on this request so
                // later calls take the early-return path above.
                localSession.access();
                session = localSession;
                return session.getSession();
            }
        }
        return null;
    } else {
        return super.getSession(create);
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession) StandardSession(org.apache.catalina.session.StandardSession) IOException(java.io.IOException) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Example 55 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class WebProgrammaticLoginImpl method logout.

/**
 * Logs out programmatically and clears the principal and auth type from
 * the request and, when one can be obtained, from the session.
 * <p>
 * NOTE(review): only the principal and auth type are cleared here; this
 * method does not invalidate the session, so its id and any other state
 * it holds remain in place. Confirm callers invalidate the session where
 * a full logout is expected.
 *
 * @param request HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.
 * @param response HTTP response object provided by called application. It should be an instance of HttpServletResponse.
 * This is not used currently.
 * @return {@code Boolean.FALSE} if the underlying request could not be
 *         unwrapped (nothing is changed in that case), {@code Boolean.TRUE}
 *         otherwise
 * @see com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin
 * @throws Exception any exception encountered during logout operation
 */
@Override
public Boolean logout(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Need real request object not facade
    final Request coyoteRequest = getUnwrappedCoyoteRequest(request);
    if (coyoteRequest == null) {
        return Boolean.FALSE;
    }
    final boolean fineEnabled = logger.isLoggable(Level.FINE);
    // Logout - clears out security context
    LoginContextDriver.logout();
    // Remove principal and auth type from request
    coyoteRequest.setUserPrincipal(null);
    coyoteRequest.setAuthType(null);
    if (fineEnabled) {
        logger.log(Level.FINE, "Programmatic logout removed principal from request.");
    }
    // Remove from session if possible.
    final Session backingSession = getSession(coyoteRequest);
    if (backingSession == null) {
        return Boolean.TRUE;
    }
    backingSession.setPrincipal(null);
    backingSession.setAuthType(null);
    if (fineEnabled) {
        logger.log(Level.FINE, "Programmatic logout removed principal from " + "session.");
    }
    return Boolean.TRUE;
}
Also used : Request(org.apache.catalina.connector.Request) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session)
