
Example 16 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class PESessionLocker method lockSession.

/**
 * lock the session associated with this request
 * this will be a foreground lock
 * checks for background lock to clear
 * and does a decay poll loop to wait until
 * it is clear; after 5 times it takes control for
 * the foreground
 * @param request
 */
public boolean lockSession(ServletRequest request) throws ServletException {
    // Takes the foreground lock on the session bound to the request.
    // Returns true once the lock is held, false when the request has no session.
    final Session target = this.getSession(request);
    if (target == null) {
        // Nothing to lock.
        return false;
    }
    // Number of failed attempts after which the background lock is released
    // instead of waited on. The Javadoc's "after 5 times" does not match this value.
    final int maxNumberOfRetries = 7;
    long pollTime = 200L;
    int failedAttempts = 0;
    // Every pass starts with a lock attempt; the loop ends only when one succeeds.
    while (!target.lockForeground()) {
        failedAttempts++;
        if (failedAttempts < maxNumberOfRetries) {
            // The delay is doubled before sleeping, so the first wait is 400
            // (presumably milliseconds; threadSleep is defined elsewhere).
            pollTime *= 2L;
            threadSleep(pollTime);
        } else if (target instanceof StandardSession) {
            // Waiting budget spent: release the background lock so the next
            // lockForeground() call can take over.
            ((StandardSession) target).unlockBackground();
        }
        // NOTE(review): once the budget is spent there is no sleep between attempts.
        // If the session is not a StandardSession, or lockForeground() keeps failing
        // after unlockBackground(), this loop spins without backing off and ties up
        // the request thread. Confirm that cannot happen, or bound the loop.
    }
    return true;
}
Also used : StandardSession(org.apache.catalina.session.StandardSession) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Example 17 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class FileStore method load.

/**
 * Load and return the Session associated with the specified session
 * identifier from this Store, without removing it.  If there is no
 * such stored Session, return <code>null</code>.
 *
 * @param id Session identifier of the session to load
 *
 * @exception ClassNotFoundException if a deserialization error occurs
 * @exception IOException if an input/output error occurs
 */
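public Session load(String id) throws ClassNotFoundException, IOException {
    // HERCULES:addition
    // Serve the session from the in-memory cache when it is already there.
    Session cached = sessions.get(id);
    if (cached != null) {
        return cached;
    }
    // HERCULES:addition
    // Resolve the backing file for this identifier; absent file means no stored session.
    // NOTE(review): the file's content is deserialized below, so the mapping from id to
    // path decides which bytes get deserialized. file(id) is not visible here. If id can
    // originate from the client (e.g. a requested session id), confirm file(id) rejects
    // identifiers that resolve outside the store directory.
    File file = file(id);
    if (file == null || !file.exists()) {
        return null;
    }
    if (debug >= 1) {
        // NOTE(review): this writes the session identifier and the absolute path to the
        // log; treat logs produced at this debug level as sensitive.
        String msg = MessageFormat.format(rb.getString(LogFacade.LOADING_SESSION_FROM_FILE), new Object[] { id, file.getAbsolutePath() });
        log(msg);
    }
    FileInputStream fis = null;
    ObjectInputStream ois = null;
    boolean streamReady = false;
    try {
        fis = new FileInputStream(file.getAbsolutePath());
        BufferedInputStream bis = new BufferedInputStream(fis);
        Container container = manager.getContainer();
        if (container != null) {
            ois = ((StandardContext) container).createObjectInputStream(bis);
        } else {
            // SECURITY: plain Java-native deserialization with no class filtering visible
            // in this method. Only safe while the store directory is writable by the
            // server alone; consider an ObjectInputFilter where the runtime supports it.
            ois = new ObjectInputStream(bis);
        }
        streamReady = true;
    // end HERCULES:mod
    } catch (FileNotFoundException e) {
        if (debug >= 1) {
            log("No persisted data file found");
        }
        return null;
    } finally {
        // Release the file handle on every failure path, including unchecked exceptions
        // (for example a container that is not a StandardContext). The original closed
        // the streams only when an IOException was thrown. Closing fis is sufficient:
        // the BufferedInputStream wraps it and holds no other resource.
        if (!streamReady && fis != null) {
            try {
                fis.close();
            } catch (IOException ignored) {
                // Best effort: the failure being propagated is the one that matters.
            }
        }
    }
    try {
        StandardSession session = StandardSession.deserialize(ois, manager);
        session.setManager(manager);
        // HERCULES: addition
        // Cache under the identifier carried by the deserialized session.
        // NOTE(review): this key is read from the file, not taken from the id argument;
        // nothing in this method checks that the two agree.
        sessions.put(session.getIdInternal(), session);
        // HERCULES: addition
        return session;
    } finally {
        // Closing the object stream also closes the underlying file stream.
        if (ois != null) {
            try {
                ois.close();
            } catch (IOException ignored) {
                // Best effort: the session has been read or a failure is already propagating.
            }
        }
    }
}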
Also used : Container(org.apache.catalina.Container) BufferedInputStream(java.io.BufferedInputStream) FileNotFoundException(java.io.FileNotFoundException) Loader(org.apache.catalina.Loader) IOException(java.io.IOException) File(java.io.File) FileInputStream(java.io.FileInputStream) Session(org.apache.catalina.Session) ObjectInputStream(java.io.ObjectInputStream)

Example 18 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Request method lockSession.

// END GlassFish 896
/**
 * lock the session associated with this request
 * this will be a foreground lock
 * checks for background lock to clear
 * and does a decay poll loop to wait until
 * it is clear; after 5 times it takes control for
 * the foreground
 *
 * @return the session that's been locked
 */
@Override
public Session lockSession() {
    // Looks up the request's session (the false argument presumably means
    // "do not create one"; confirm against getSessionInternal) and takes its foreground lock.
    final Session target = getSessionInternal(false);
    if (target == null) {
        // No session, nothing to lock.
        return null;
    }
    // Failed attempts allowed before the background lock is broken. The Javadoc's
    // "after 5 times" does not match this value.
    final int maxNumberOfRetries = 7;
    long pollTime = 200L;
    int failedAttempts = 0;
    // Every pass starts with a lock attempt; the loop ends only when one succeeds.
    while (!target.lockForeground()) {
        failedAttempts++;
        if (failedAttempts < maxNumberOfRetries) {
            // The delay is doubled before sleeping, so the first wait is 400
            // (presumably milliseconds; threadSleep is defined elsewhere).
            pollTime *= 2L;
            threadSleep(pollTime);
        } else {
            // Tried to wait and lock maxNumberOfRetries times.
            // Unlock the background so we can take over.
            log.log(Level.WARNING, LogFacade.BREAKING_BACKGROUND_LOCK_EXCEPTION, target);
            if (target instanceof StandardSession) {
                ((StandardSession) target).unlockBackground();
            }
            // NOTE(review): there is no sleep on this path. If the session is not a
            // StandardSession, or lockForeground() keeps failing after unlockBackground(),
            // the loop spins and emits one WARNING per pass. Confirm that cannot
            // happen, or bound the loop.
        }
    }
    return target;
}
Also used : StandardSession(org.apache.catalina.session.StandardSession) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Example 19 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class ApplicationHttpRequest method isRequestedSessionIdValid.

/**
 * Returns true if the request specifies a JSESSIONID that is valid within
 * the context of this ApplicationHttpRequest, false otherwise.
 *
 * @return true if the request specifies a JSESSIONID that is valid within
 * the context of this ApplicationHttpRequest, false otherwise.
 */
@Override
public boolean isRequestedSessionIdValid() {
    // Outside cross-context mode the superclass answer is used unchanged.
    if (!crossContext) {
        return super.isRequestedSessionIdValid();
    }
    String requestedId = getRequestedSessionId();
    if (requestedId == null || context == null) {
        return false;
    }
    // Fast path: the request names the session this wrapper already holds.
    if (session != null && requestedId.equals(session.getIdInternal())) {
        return session.isValid();
    }
    Manager contextManager = context.getManager();
    if (contextManager == null) {
        return false;
    }
    // Otherwise ask this context's manager whether it knows the requested identifier.
    Session found;
    try {
        found = isSessionVersioningSupported
                ? contextManager.findSession(requestedId, requestedSessionVersion)
                : contextManager.findSession(requestedId);
    } catch (IOException e) {
        // A lookup failure is treated as "no such session": the id is reported invalid
        // and the exception is not logged.
        found = null;
    }
    return found != null && found.isValid();
}
Also used : IOException(java.io.IOException) Manager(org.apache.catalina.Manager) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session) StandardSession(org.apache.catalina.session.StandardSession)

Example 20 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class WebProgrammaticLoginImpl method login.

/**
 * Login and set up principal in request and session. This implements programmatic login for servlets.
 *
 * <P>
 * Due to a number of bugs in RI the security context is not shared between web container and ejb container. In order
 * for an identity established by programmatic login to be known to both containers, it needs to be set not only in the
 * security context but also in the current request and, if applicable, the session object. If a session does not exist
 * this method does not create one.
 *
 * <P>
 * See bugs 4646134, 4688449 and other referenced bugs for more background.
 *
 * <P>
 * Note also that this login does not hook up into SSO.
 *
 * @param user User name to login.
 * @param password User password.
 * @param request HTTP request object provided by caller application. It should be an instance of HttpRequestFacade.
 * @param response HTTP response object provided by called application. It should be an instance of HttpServletResponse.
 * This is not used currently.
 * @param realm the realm name to be authenticated to. If the realm is null, authentication takes place in default realm
 * @return A Boolean object; true if login succeeded, false otherwise.
 * @see com.sun.enterprise.security.ee.auth.login.ProgrammaticLogin
 * @throws Exception on login failure.
 */
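@Override
public Boolean login(String user, char[] password, String realm, HttpServletRequest request, HttpServletResponse response) {
    // Need real request object not facade
    Request req = getUnwrappedCoyoteRequest(request);
    if (req == null) {
        return Boolean.FALSE;
    }
    // Try to login - this will set up security context on success.
    // Presumably a failed login surfaces as an exception from this call (the Javadoc
    // says so); nothing here inspects a return value. Confirm against LoginContextDriver.
    LoginContextDriver.login(user, password, realm);
    // Create a WebPrincipal for tomcat and store in current request
    // This will allow programmatic authorization later in this request
    // to work as expected.
    SecurityContext secCtx = SecurityContext.getCurrent();
    // The original guarded this with an assert, which is skipped unless the JVM runs
    // with assertions enabled. Check explicitly and fail closed, so a principal is never
    // built around a missing security context.
    if (secCtx == null) {
        logger.log(Level.WARNING, "Programmatic login: no security context after login; principal not set.");
        return Boolean.FALSE;
    }
    // NOTE(review): the password array reference is handed to WebPrincipal; whether it
    // is copied is not visible here, so a caller that clears the array afterwards may
    // affect the stored principal.
    WebPrincipal principal = new WebPrincipal(user, password, secCtx);
    req.setUserPrincipal(principal);
    req.setAuthType(WEBAUTH_PROGRAMMATIC);
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Programmatic login set principal in http request to: " + user);
    }
    // Try to retrieve a Session object (not the facade); if it exists
    // store the principal there as well. This will allow web container
    // authorization to work in subsequent requests in this session.
    // NOTE(review): the principal is attached to the session that already exists and
    // its identifier is not changed in this method. Confirm the identifier is rotated
    // elsewhere after authentication, so an id issued before login does not carry the
    // authenticated identity.
    Session realSession = getSession(req);
    if (realSession != null) {
        realSession.setPrincipal(principal);
        realSession.setAuthType(WEBAUTH_PROGRAMMATIC);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Programmatic login set principal in session.");
        }
    } else if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Programmatic login: No session available.");
    }
    return Boolean.TRUE;
}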
Also used : Request(org.apache.catalina.connector.Request) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityContext(com.sun.enterprise.security.SecurityContext) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) HttpSession(javax.servlet.http.HttpSession) Session(org.apache.catalina.Session)
