Search in sources :

Example 71 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class SingleSignOn method sessionEvent.

// ------------------------------------------------ SessionListener Methods
/**
 * Acknowledge the occurrence of the specified event.
 *
 * @param event SessionEvent that has occurred
 */
@Override
public void sessionEvent(SessionEvent event) {
    // We only care about session destroyed events
    if (!Session.SESSION_DESTROYED_EVENT.equals(event.getType()))
        return;
    // Look up the single session id associated with this session (if any)
    Session session = event.getSession();
    if (debug >= 1) {
        String msg = MessageFormat.format(rb.getString(LogFacade.PROCESS_SESSION_DESTROYED_INFO), session);
        log(msg);
    }
    String ssoId = session.getSsoId();
    if (ssoId == null) {
        return;
    }
    deregister(ssoId, session);
}
Also used : Session(org.apache.catalina.Session)

Example 72 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Response method isEncodeable.

// ------------------------------------------------------ Protected Methods
/**
 * Return <code>true</code> if the specified URL should be encoded with
 * a session identifier.  This will be true if all of the following
 * conditions are met:
 * <ul>
 * <li>The request we are responding to asked for a valid session
 * <li>The requested session ID was not received via a cookie
 * <li>The specified URL points back to somewhere within the web
 *     application that is responding to this request
 * </ul>
 *
 * @param location Absolute URL to be validated
 */
protected boolean isEncodeable(final String location) {
    if (location == null)
        return false;
    // Is this an intra-document reference?
    if (location.startsWith("#"))
        return false;
    // Are we in a valid session that is not using cookies?
    final Request hreq = request;
    final Session session = hreq.getSessionInternal(false);
    if (session == null) {
        return false;
    }
    if (hreq.isRequestedSessionIdFromCookie() || getContext() != null && !getContext().isEnableURLRewriting()) {
        return false;
    }
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

            @Override
            public Boolean run() {
                return doIsEncodeable(hreq, session, location);
            }
        }));
    } else {
        return doIsEncodeable(hreq, session, location);
    }
}
Also used : PrivilegedAction(java.security.PrivilegedAction) Session(org.apache.catalina.Session)

Example 73 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class OutputBuffer method addSessionCookies.

private void addSessionCookies() throws IOException {
    Request req = (Request) response.getRequest();
    if (req.isRequestedSessionIdFromURL()) {
        return;
    }
    StandardContext ctx = (StandardContext) response.getContext();
    if (ctx == null || !ctx.getCookies()) {
        // cookies disabled
        return;
    }
    Session sess = req.getSessionInternal(false);
    if (sess != null) {
        addSessionVersionCookie(req, ctx);
        addSessionCookieWithJvmRoute(req, ctx, sess);
        addSessionCookieWithJReplica(req, ctx, sess);
        addPersistedSessionCookie(req, ctx, sess);
        addJrouteCookie(req, ctx, sess);
        addSsoVersionCookie(req, ctx);
    }
}
Also used : StandardContext(org.apache.catalina.core.StandardContext) HttpServletRequest(javax.servlet.http.HttpServletRequest) Session(org.apache.catalina.Session)

Example 74 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class SingleSignOnEntry method removeSession.

public synchronized void removeSession(Session session) {
    final Session removed = sessions.remove(session.getId());
    log.log(Level.WARNING, "session {0} found (and removed): {1}", new Object[] { session.getId(), removed });
}
Also used : Session(org.apache.catalina.Session)

Example 75 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class ApplicationHttpRequest method getSession.

/**
 * Return the session associated with this Request, creating one
 * if necessary and requested.
 *
 * @param create Create a new session if one does not exist
 */
@Override
public HttpSession getSession(boolean create) {
    if (crossContext) {
        // There cannot be a session if no context has been assigned yet
        if (context == null)
            return (null);
        // Return the current session if it exists and is valid
        if (session != null && session.isValid()) {
            return (session.getSession());
        }
        HttpSession other = super.getSession(false);
        if (create && (other == null)) {
            // First create a session in the first context: the problem is
            // that the top level request is the only one which can
            // create the cookie safely
            other = super.getSession(true);
        }
        if (other != null) {
            Session localSession = null;
            try {
                if (isSessionVersioningSupported) {
                    localSession = context.getManager().findSession(other.getId(), requestedSessionVersion);
                    // XXX need to revisit
                    if (localSession instanceof StandardSession) {
                        incrementSessionVersion((StandardSession) localSession, context);
                    }
                } else {
                    localSession = context.getManager().findSession(other.getId());
                }
            } catch (IOException e) {
            // Ignore
            }
            if ((localSession != null) && !localSession.isValid()) {
                localSession = null;
            } else if (localSession == null && create) {
                // START OF 6364900
                localSession = context.getManager().createSession(other.getId());
                // XXX need to revisit
                if (isSessionVersioningSupported && localSession instanceof StandardSession) {
                    incrementSessionVersion((StandardSession) localSession, context);
                }
                // END OF 6364900
                /* CR 6364900
                    localSession = context.getManager().createEmptySession();
                    localSession.setNew(true);
                    localSession.setValid(true);
                    localSession.setCreationTime(System.currentTimeMillis());
                    localSession.setMaxInactiveInterval
                        (context.getManager().getMaxInactiveIntervalSeconds());
                    localSession.setId(other.getId());
                    */
                // START GlassFish 896
                RequestFacadeHelper reqFacHelper = RequestFacadeHelper.getInstance(getRequest());
                if (reqFacHelper != null) {
                    reqFacHelper.track(localSession);
                }
            // END GlassFish 896
            }
            if (localSession != null) {
                localSession.access();
                session = localSession;
                return session.getSession();
            }
        }
        return null;
    } else {
        return super.getSession(create);
    }
}
Also used : StandardSession(org.apache.catalina.session.StandardSession) IOException(java.io.IOException) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Aggregations

Session (org.apache.catalina.Session)106 IOException (java.io.IOException)24 Manager (org.apache.catalina.Manager)22 Context (org.apache.catalina.Context)16 HttpSession (javax.servlet.http.HttpSession)13 StringManager (org.apache.tomcat.util.res.StringManager)13 HttpServletRequest (javax.servlet.http.HttpServletRequest)9 HttpSession (jakarta.servlet.http.HttpSession)7 GenericPrincipal (org.apache.catalina.realm.GenericPrincipal)7 Principal (java.security.Principal)6 Realm (org.apache.catalina.Realm)6 StandardContext (org.apache.catalina.core.StandardContext)6 ClusterSession (org.apache.catalina.ha.ClusterSession)6 DeltaSession (org.apache.catalina.ha.session.DeltaSession)6 Container (org.apache.catalina.Container)5 ArrayList (java.util.ArrayList)4 StandardSession (org.apache.catalina.session.StandardSession)4 BufferedOutputStream (java.io.BufferedOutputStream)3 File (java.io.File)3 ObjectOutputStream (java.io.ObjectOutputStream)3